1 files changed, 87 insertions, 0 deletions

diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..ffae130
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
@@ -0,0 +1,87 @@
+# managed by Ansible
+# see: https://x61.sh/log/2023/02/20230217T112354-nextcloud_openbsd.html
+
+
+server "{{ nextcloud__domain_name }}" {
+        listen on * port {{ nextcloud__listen_port }}
+
+        root "/nextcloud"
+
+        hsts max-age 15768000
+
+        # set max upload size
+        connection max request body 537919488
+        connection max requests 1000
+        connection request timeout 3600
+        connection timeout 3600
+        tcp nodelay
+
+        gzip-static
+
+        # deny access to the specified files
+        location "/db_structure.xml"            { block }
+        location "/README"                      { block }
+        location "/config*"                     { block }
+        location "/build*"                      { block }
+        location "/tests*"                      { block }
+        location "/lib*"                        { block }
+        location "/3rdparty*"                   { block }
+        location "/templates*"                  { block }
+        location "/data*"                       { block }
+        location "/.ht*"                        { block }
+        location "/.user*"                      { block }
+        location "/autotest*"                   { block }
+        location "/occ*"                        { block }
+        location "/issue*"                      { block }
+        location "/indie*"                      { block }
+        location "/db_*"                        { block }
+        location "/console*"                    { block }
+
+        location "/core/*" {
+                gzip-static
+                pass
+        }
+
+        location "/apps/*" {
+                gzip-static
+                pass
+        }
+
+        location "/dist/*" {
+                gzip-static
+                pass
+        }
+
+        location "/.well-known/carddav" {
+                block return 301 "/remote.php/dav/"
+        }
+
+        location "/.well-known/caldav" {
+                block return 301 "/remote.php/dav/"
+        }
+
+        location match "/oc[ms]%-provider/*" {
+                directory index index.php
+                pass
+        }
+
+        location "/.well-known/webfinger" {
+                block return 301 "/index.php$REQUEST_URI"
+        }
+
+        location "/.well-known/nodeinfo" {
+                block return 301 "/index.php$REQUEST_URI"
+        }
+
+        location "/.well-known/host-meta" {
+                block return 301 "/public.php?service=host-meta"
+        }
+
+        location "/.well-known/host-meta.json" {
+                block return 301 "/public.php?service=host-meta-json"
+        }
+
+        location "/*.php*" {
+                fastcgi socket "/run/php-fpm.sock"
+        }
+}