Merge pull request #258 from seikexyz/(fix)-NGINX-Config
Adjusted nginx configuration based on the example from Nextcloud for Version 26
wiktor2200 committed May 2, 2023
2 parents 39a0273 + b444821 commit f83f2ac
Showing 1 changed file with 38 additions and 15 deletions.
53 changes: 38 additions & 15 deletions roles/install_nextcloud/templates/nginx_nc.j2
Expand Up @@ -3,6 +3,12 @@
# Do NOT modify this file by hand!
################################################################################

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}

{% if nextcloud_install_tls and nextcloud_tls_enforce %}
server {
listen 80;
Expand All @@ -20,8 +26,6 @@ server {
{% endif %}

server {
server_name {{ nextcloud_trusted_domain | ansible.utils.ipwrap | join(' ') }};

{% if not nextcloud_install_tls or not nextcloud_tls_enforce %}
listen 80;
{% if nextcloud_ipv6 %}
Expand All @@ -30,10 +34,16 @@ server {
{% endif %}

{% if nextcloud_install_tls %}
listen 443 ssl http2;
listen 443 ssl http2;
{% if nextcloud_ipv6 %}
listen [::]:443 ssl http2;
{% endif %}

server_name {{ nextcloud_trusted_domain | ansible.utils.ipwrap | join(' ') }};

# Path to the root of your installation
root {{ nextcloud_webroot }};

ssl_certificate {{ nextcloud_tls_cert_file }};
ssl_certificate_key {{ nextcloud_tls_cert_key_file }};

Expand Down Expand Up @@ -89,22 +99,33 @@ server {

# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
# pagespeed off;
#pagespeed off;

# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tunning hints
client_body_buffer_size 512k;

# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root {{ nextcloud_webroot }};
# Add .mjs as a file extension for javascript
# Either include it in the default mime.types list
# or include you can include that list explicitly and add the file extension
# only for Nextcloud like below:
include mime.types;
types {
application/javascript js mjs;
}

# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
Expand Down Expand Up @@ -178,11 +199,13 @@ server {

fastcgi_intercept_errors on;
fastcgi_request_buffering off;

fastcgi_max_temp_file_size 0;
}

location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets

location ~ \.wasm$ {
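Review bot: The `add_header Cache-Control "public, max-age=15778463, $asset_immutable";` line in the `location ~ \.(?:css|js|…|map)$` block switches off inheritance of every server-level `add_header`, because nginx inherits them only when the current level defines none of its own. Static assets (js, css and svg among them) would then be served without `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy` and the other headers set earlier in this file, and presumably without any `Strict-Transport-Security` header set in the part of the server block not shown here. Repeating the header set inside this location, as in the excerpt below, keeps the asset responses consistent with the rest of the site. The location block continues past the end of the hunk (the nested `\.wasm$` location), so anything set there should be checked the same way. As a minor point, when the `v` argument is absent `$asset_immutable` is empty and the header value ends in a dangling `, `.

```nginx
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
    try_files $uri /index.php$request_uri;
    add_header Cache-Control "public, max-age=15778463, $asset_immutable";
    # add_header is not inherited once a level defines its own,
    # so the server-level security headers are repeated here.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "noindex, nofollow" always;
    add_header X-XSS-Protection "1; mode=block" always;
    # … unchanged: access_log off and the nested \.wasm$ location …
```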
