hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2025-04-19 20:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

update nginx.conf

Browse Source
This commit is contained in:
Wonderfall 2020-01-27 14:03:29 +01:00
parent 6e6b0e1dab
commit fb7f548415
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
rootfs/nginx/sites-enabled/nginx.conf
View File

@ -3,17 +3,17 @@ server {
root /nextcloud; root /nextcloud;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
large_client_header_buffers 4 16k; large_client_header_buffers 4 16k;
# https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
# https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#serve-security-related-headers-by-the-web-server
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy "no-referrer" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
location = /robots.txt { location = /robots.txt {
allow all; allow all;
@ -41,7 +41,7 @@ server {
deny all; deny all;
} }
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
include /nginx/conf/fastcgi_params; include /nginx/conf/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@ -54,14 +54,14 @@ server {
fastcgi_read_timeout 1200; fastcgi_read_timeout 1200;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }
location ~* \.(?:css|js|woff2?|svg|gif)$ { location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200"; add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
@ -72,7 +72,7 @@ server {
access_log off; access_log off;
} }
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ { location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$uri$is_args$args;
access_log off; access_log off;
} }