aboutsummaryrefslogtreecommitdiffstats
path: root/roles/nextcloud/templates/nextcloud.conf.httpd.j2
blob: ffae13085c7c25a2c2825fd9cabdd6bce1d5f606 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# managed by Ansible
# see: https://x61.sh/log/2023/02/20230217T112354-nextcloud_openbsd.html


server "{{ nextcloud__domain_name }}" {
        listen on * port {{ nextcloud__listen_port }}

        root "/nextcloud"

        hsts max-age 15768000

        # set max upload size
        connection max request body 537919488
        connection max requests 1000
        connection request timeout 3600
        connection timeout 3600
        tcp nodelay

        gzip-static

        # deny access to the specified files
        location "/db_structure.xml"            { block }
        location "/README"                      { block }
        location "/config*"                     { block }
        location "/build*"                      { block }
        location "/tests*"                      { block }
        location "/lib*"                        { block }
        location "/3rdparty*"                   { block }
        location "/templates*"                  { block }
        location "/data*"                       { block }
        location "/.ht*"                        { block }
        location "/.user*"                      { block }
        location "/autotest*"                   { block }
        location "/occ*"                        { block }
        location "/issue*"                      { block }
        location "/indie*"                      { block }
        location "/db_*"                        { block }
        location "/console*"                    { block }

        location "/core/*" {
                gzip-static
                pass
        }

        location "/apps/*" {
                gzip-static
                pass
        }

        location "/dist/*" {
                gzip-static
                pass
        }

        location "/.well-known/carddav" {
                block return 301 "/remote.php/dav/"
        }

        location "/.well-known/caldav" {
                block return 301 "/remote.php/dav/"
        }

        location match "/oc[ms]%-provider/*" {
                directory index index.php
                pass
        }

        location "/.well-known/webfinger" {
                block return 301 "/index.php$REQUEST_URI"
        }

        location "/.well-known/nodeinfo" {
                block return 301 "/index.php$REQUEST_URI"
        }

        location "/.well-known/host-meta" {
                block return 301 "/public.php?service=host-meta"
        }

        location "/.well-known/host-meta.json" {
                block return 301 "/public.php?service=host-meta-json"
        }

        location "/*.php*" {
                fastcgi socket "/run/php-fpm.sock"
        }
}
remember that computers suck.