diff --git a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf index 6a7cb58..4213928 100644 --- a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf +++ b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf @@ -10,7 +10,9 @@ server { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy "strict-origin"; + add_header Referrer-Policy no-referrer; + + location = /robots.txt { allow all; @@ -27,7 +29,7 @@ server { } location / { - rewrite ^ /index.php$uri; + rewrite ^ /index.php$request_uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { @@ -41,6 +43,7 @@ server { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { include /nginx/conf/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_hide_header X-Powered-By; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param modHeadersAvailable true; @@ -56,21 +59,21 @@ server { index index.php; } - location ~* \.(?:css|js)$ { - try_files $uri /index.php$uri$is_args$args; + location ~ \.(?:css|js|woff2?|svg|gif)$ { + try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=7200"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; access_log off; } - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$request_uri; access_log off; } }