upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 80;
server_name pan.wzlinux.com;
return
301 https:
//
$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name pan.wzlinux.com;
ssl_certificate
/etc/nginx/cert/nextcloud
.crt;
ssl_certificate_key
/etc/nginx/cert/nextcloud
.key;
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection
"1; mode=block"
;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root
/usr/share/nginx/html/nextcloud/
;
location =
/robots
.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known
/carddav
{
return
301 $scheme:
//
$host
/remote
.php
/dav
;
}
location = /.well-known
/caldav
{
return
301 $scheme:
//
$host
/remote
.php
/dav
;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip
on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application
/atom
+xml application
/javascript
application
/json
application
/ld
+json application
/manifest
+json application
/rss
+xml application
/vnd
.geo+json application
/vnd
.ms-fontobject application
/x-font-ttf
application
/x-web
-app-manifest+json application
/xhtml
+xml application
/xml
font
/opentype
image
/bmp
image
/svg
+xml image
/x-icon
text
/cache-manifest
text
/css
text
/plain
text
/vcard
text
/vnd
.rim.location.xloc text
/vtt
text
/x-component
text
/x-cross-domain-polic
y;
location / {
rewrite ^
/index
.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|
cron
|core
/ajax/update
|status|ocs
/v
[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable
true
;
fastcgi_param front_controller_active
true
;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri
/index
.php$uri$is_args$args;
add_header Cache-Control
"public, max-age=15778463"
;
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection
"1; mode=block"
;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri
/index
.php$uri$is_args$args;
access_log off;
}
}