worker_processes auto;
pid /tmp/nginx.pid;
daemon off;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log off;
    error_log /tmp/ngx_error.log error;

    sendfile on;
    keepalive_timeout 15;
    keepalive_disable msie6;
    keepalive_requests 100;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    
    fastcgi_temp_path /tmp/fastcgi 1 2;
    client_body_temp_path /tmp/client_body 1 2;
    proxy_temp_path /tmp/proxy 1 2;
    uwsgi_temp_path /tmp/uwsgi 1 2;
    scgi_temp_path /tmp/scgi 1 2;

    gzip off;

    server {
        listen 8888;
        root /nextcloud;
        
        client_max_body_size <UPLOAD_MAX_SIZE>;
        fastcgi_buffers 64 4K;

        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }

        location / {
            rewrite ^ /index.php$uri;
        }

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass unix:/tmp/php-fpm.sock;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_read_timeout 1200;
        }

        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }

        location ~* \.(?:css|js)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            access_log off;
        }

        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            access_log off;
        }
    }
}