1 files changed, 49 insertions, 0 deletions

diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..8ba5e45
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
@@ -0,0 +1,49 @@
+server "cloud.{{ global.domain_name }}" {
+	listen on * port {{ nextcloud_port }}
+
+	root "/nextcloud"
+	directory index index.php
+
+	hsts max-age 15768000
+
+	# deny access to confidential data/programs first
+	location "/.ht*"        { block }
+	location "/.user*"      { block }
+	location "/3rdparty*"   { block }
+	location "/README"      { block }
+	location "/autotest*"   { block }
+	location "/build*"      { block }
+	location "/config*"     { block }
+	location "/console*"    { block }
+	location "/data*"       { block }
+	location "/db_*"        { block }
+	location "/indie*"      { block }
+	location "/issue*"      { block }
+	location "/lib*"        { block }
+	location "/occ*"        { block }
+	location "/templates*"  { block }
+	location "/tests*"      { block }
+
+	location "/*.php" {
+		fastcgi socket "/run/php-fpm.sock"
+	} 
+	location "/*.php[/?]*" {    
+		fastcgi socket "/run/php-fpm.sock"
+	}
+
+	location "/.well-known/host-meta" {
+		block return 301 "/public.php?service=host-meta"
+	}
+	location "/.well-known/host-meta.json" {
+		block return 301 "/public.php?service=host-meta-json"
+	}
+	location "/.well-known/webfinger" {
+		block return 301 "/public.php?service=webfinger"
+	}
+	location "/.well-known/carddav" {
+		block return 301 "/remote.php/dav/"
+	}
+	location "/.well-known/caldav" {
+		block return 301 "/remote.php/dav/"
+	}
+}