diff --git a/roles/nextcloud/files/nginx.conf b/roles/nextcloud/files/nginx.conf index d8f4b13..570874a 100644 --- a/roles/nextcloud/files/nginx.conf +++ b/roles/nextcloud/files/nginx.conf @@ -10,10 +10,6 @@ events { worker_connections 1024; } http { -# upstream backend { -# server nextcloud; -# } - server { listen 80; server_name cloud.stoopid.club; @@ -95,146 +91,6 @@ http { } } -# server { -# server_name cloud.stoopid.club; -# # Hide nginx version information. -# server_tokens off; -# -# listen 443 ssl http2; -# listen [::]:443 ssl http2; -# ssl_session_timeout 1d; -# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions -# ssl_session_tickets off; -# -# -# ssl_trusted_certificate /etc/letsencrypt/live/cloud.stoopid.club/chain.pem; -# ssl_certificate /etc/letsencrypt/live/cloud.stoopid.club/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/cloud.stoopid.club/privkey.pem; -## include /etc/letsencrypt/options-ssl-nginx.conf; -# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; -# -## ssl_protocols TLSv1.2 TLSv1.3; -## ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; -## ssl_prefer_server_ciphers off; -## # In case of an old server with an OpenSSL version of 1.0.2 or below, -## # leave only prime256v1 or comment out the following line. -## ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; -## ssl_stapling on; -## ssl_stapling_verify on; -# -# gzip_vary on; -# gzip_proxied any; -# gzip_comp_level 6; -# gzip_buffers 16 8k; -# gzip_http_version 1.1; -# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml; -# -# proxy_http_version 1.1; -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header Connection "upgrade"; -# proxy_set_header Host $http_host; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# -# location @nextcloud { -# proxy_pass http://backend; -# } -# -# location / { -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header Host $host; -# proxy_set_header X-Real-IP $remote_addr; -# -# client_max_body_size 0; # default is 1M -# -# proxy_connect_timeout 10m; -# proxy_send_timeout 10m; -# proxy_read_timeout 10m; -# send_timeout 10m; -# -# try_files /dev/null @nextcloud; -# } -# -# -## location ~ ^/(media|proxy) { -## proxy_cache pleroma_media_cache; -## slice 1m; -## proxy_cache_key $host$uri$is_args$args$slice_range; -## proxy_set_header Range $slice_range; -## proxy_cache_valid 200 206 301 304 1h; -## proxy_cache_lock on; -## proxy_ignore_client_abort on; -## proxy_buffering on; -## chunked_transfer_encoding on; -## proxy_pass http://pleroma:4000/; -## } -# -# -# -# -## root /usr/share/nginx/html; -## include /etc/nginx/mime.types; -## -## -## location / { -## proxy_http_version 1.1; -## proxy_set_header Upgrade $http_upgrade; -## proxy_set_header Connection "upgrade"; -## proxy_read_timeout 300; # Some requests take more than 30 seconds. -## proxy_connect_timeout 300; # Some requests take more than 30 seconds. -## proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -## proxy_set_header X-Forwarded-Proto $scheme; -## proxy_set_header Host $http_host; -## proxy_redirect off; -## proxy_pass http://pleroma:4000/; -## } -## -### map $remote_addr $proxy_forwarded_elem { -### # IPv4 addresses can be sent as-is -### ~^[0-9.]+$ "for=$remote_addr"; -### -### # IPv6 addresses need to be bracketed and quoted -### ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\""; -### -### # Unix domain socket names cannot be represented in RFC 7239 syntax -### default "for=unknown"; -### } -### -### map $http_forwarded $proxy_add_forwarded { -### # If the incoming Forwarded header is syntactically valid, append to it -### "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"; -### -### # Otherwise, replace it -### default "$proxy_forwarded_elem"; -### } -## -### proxy_set_header Forwarded $proxy_add_forwarded; -### proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -## -## gzip on; -## gzip_vary on; -## gzip_http_version 1.0; -## gzip_comp_level 5; -## gzip_types -## application/atom+xml -## application/javascript -## application/json -## application/rss+xml -## application/vnd.ms-fontobject -## application/x-font-ttf -## application/x-web-app-manifest+json -## application/xhtml+xml -## application/xml -## font/opentype -## image/svg+xml -## image/x-icon -## text/css -## text/plain -## text/x-component; -## gzip_proxied no-cache no-store private expired auth; -## gzip_min_length 256; -## gunzip on; -# } - include /etc/nginx/conf.d/*.conf; }