#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { # Path to source alias __FINALPATH__/; # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } # Add headers to serve security related headers more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; more_set_headers "X-Robots-Tag: none"; more_set_headers "X-Download-Options: noopen"; more_set_headers "X-Permitted-Cross-Domain-Policies: none"; more_set_headers "Referrer-Policy: no-referrer"; # Set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; client_body_timeout 60m; proxy_read_timeout 60m; # Disable gzip to avoid the removal of the ETag header gzip off; index index.php; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { include fastcgi_params; fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_intercept_errors on; fastcgi_read_timeout 60m; fastcgi_send_timeout 60m; } location ^~ __PATH__/(uploads|thumbs){ deny all; } location ^~ __PATH__/private { deny all; location ~* __PATH__/private/temp/.*\.zip$ { allow all; } } location ^~ __PATH__/core { deny all; location ~* __PATH__/core/.*\.js$ { allow all; } } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }