erik/nextcloud-aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nextcloud-aws/roles/nextcloud/files/nginx.conf

240 lines
8.8 KiB
Nginx Configuration File
Raw Blame History

# Run as a less privileged user for security reasons.
user nginx;
# #worker_threads to run;
# "auto" sets it to the #CPU_cores available in the system, and
# offers the best performance.
worker_processes auto;
events { worker_connections 1024; }
http {
# upstream backend {
# server nextcloud;
# }
server {
listen 80;
server_name cloud.stoopid.club;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
# Hide nginx version information.
server_tokens off;
listen 443 ssl default_server;
server_name cloud.stoopid.club;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
ssl_certificate /etc/letsencrypt/live/cloud.stoopid.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.stoopid.club/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# location / {
# try_files $uri $uri/ /index.html;
# }
gzip on;
gzip_vary on;
gzip_http_version 1.0;
gzip_comp_level 5;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 256;
gunzip on;
location @nextcloud {
proxy_pass http://nextcloud;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 0; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
try_files /dev/null @nextcloud;
}
}
# server {
# server_name cloud.stoopid.club;
# # Hide nginx version information.
# server_tokens off;
#
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# ssl_session_timeout 1d;
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
# ssl_session_tickets off;
#
#
# ssl_trusted_certificate /etc/letsencrypt/live/cloud.stoopid.club/chain.pem;
# ssl_certificate /etc/letsencrypt/live/cloud.stoopid.club/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/cloud.stoopid.club/privkey.pem;
## include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
#
## ssl_protocols TLSv1.2 TLSv1.3;
## ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
## ssl_prefer_server_ciphers off;
## # In case of an old server with an OpenSSL version of 1.0.2 or below,
## # leave only prime256v1 or comment out the following line.
## ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
## ssl_stapling on;
## ssl_stapling_verify on;
#
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
#
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#
# location @nextcloud {
# proxy_pass http://backend;
# }
#
# location / {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
#
# client_max_body_size 0; # default is 1M
#
# proxy_connect_timeout 10m;
# proxy_send_timeout 10m;
# proxy_read_timeout 10m;
# send_timeout 10m;
#
# try_files /dev/null @nextcloud;
# }
#
#
## location ~ ^/(media|proxy) {
## proxy_cache pleroma_media_cache;
## slice 1m;
## proxy_cache_key $host$uri$is_args$args$slice_range;
## proxy_set_header Range $slice_range;
## proxy_cache_valid 200 206 301 304 1h;
## proxy_cache_lock on;
## proxy_ignore_client_abort on;
## proxy_buffering on;
## chunked_transfer_encoding on;
## proxy_pass http://pleroma:4000/;
## }
#
#
#
#
## root /usr/share/nginx/html;
## include /etc/nginx/mime.types;
##
##
## location / {
## proxy_http_version 1.1;
## proxy_set_header Upgrade $http_upgrade;
## proxy_set_header Connection "upgrade";
## proxy_read_timeout 300; # Some requests take more than 30 seconds.
## proxy_connect_timeout 300; # Some requests take more than 30 seconds.
## proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
## proxy_set_header X-Forwarded-Proto $scheme;
## proxy_set_header Host $http_host;
## proxy_redirect off;
## proxy_pass http://pleroma:4000/;
## }
##
### map $remote_addr $proxy_forwarded_elem {
### # IPv4 addresses can be sent as-is
### ~^[0-9.]+$ "for=$remote_addr";
###
### # IPv6 addresses need to be bracketed and quoted
### ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
###
### # Unix domain socket names cannot be represented in RFC 7239 syntax
### default "for=unknown";
### }
###
### map $http_forwarded $proxy_add_forwarded {
### # If the incoming Forwarded header is syntactically valid, append to it
### "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
###
### # Otherwise, replace it
### default "$proxy_forwarded_elem";
### }
##
### proxy_set_header Forwarded $proxy_add_forwarded;
### proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
##
## gzip on;
## gzip_vary on;
## gzip_http_version 1.0;
## gzip_comp_level 5;
## gzip_types
## application/atom+xml
## application/javascript
## application/json
## application/rss+xml
## application/vnd.ms-fontobject
## application/x-font-ttf
## application/x-web-app-manifest+json
## application/xhtml+xml
## application/xml
## font/opentype
## image/svg+xml
## image/x-icon
## text/css
## text/plain
## text/x-component;
## gzip_proxied no-cache no-store private expired auth;
## gzip_min_length 256;
## gunzip on;
# }
include /etc/nginx/conf.d/*.conf;
}
Reference in a new issue View git blame Copy permalink