From 2699202daf19eb9799305e8facfdcc53068c63c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Tue, 24 Oct 2023 17:32:53 +0200
Subject: [PATCH] Update nginx.conf

---
 conf/nginx.conf | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9f73bfd..fda7626 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,10 @@
-location ^~ /.well-known {
+  location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+  }
+
+  location ^~ /.well-known {
   # The following 6 rules are borrowed from `.htaccess`
 
   # The following 2 rules are only needed for the user_webfinger app.
@@ -23,7 +29,7 @@ location ^~ __PATH__/ {
   # Path to source
   alias __INSTALL_DIR__/;
 
-  # Set max upload size
+  # set max upload size and increase upload timeout:
   client_max_body_size 10G;
   client_body_timeout 300s;
   fastcgi_buffers 64 4K;
@@ -45,7 +51,7 @@ location ^~ __PATH__/ {
   # for tunning hints
   client_body_buffer_size 512k;
 
-  # Add headers to serve security related headers
+  # HTTP response headers borrowed from Nextcloud `.htaccess`
   more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
   more_set_headers "Referrer-Policy: no-referrer";
   more_set_headers "X-Content-Type-Options: nosniff";
@@ -77,12 +83,6 @@ location ^~ __PATH__/ {
       }
   }
 
-  location = __PATH__/robots.txt {
-    allow all;
-    log_not_found off;
-    access_log off;
-  }
-
   # Rules borrowed from `.htaccess` to hide certain paths from clients
   location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)    { return 404; }
   location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console)                  { return 404; }
@@ -93,8 +93,6 @@ location ^~ __PATH__/ {
   # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
   location ~ \.php(?:$|/) {
     # Required for legacy support
-    # https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337
-    # This line fix the ldap admin page
     rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri;
     
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
@@ -111,6 +109,7 @@ location ^~ __PATH__/ {
     fastcgi_param front_controller_active true;     # Enable pretty urls
     fastcgi_param HTTP_ACCEPT_ENCODING "";          # Disable encoding of nextcloud response to inject ynh scripts
     fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
+    
     fastcgi_intercept_errors on;
     fastcgi_request_buffering off;
 
@@ -130,7 +129,7 @@ location ^~ __PATH__/ {
 
   location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
     try_files $uri / __PATH__/index.php$request_uri;
-    expires 6M;         # Cache-Control policy borrowed from `.htaccess`
+    more_set_headers "Cache-Control: public, max-age=15778463, $asset_immutable";
     access_log off;     # Optional: Don't log access to assets
 
     location ~ \.wasm$ {
@@ -144,6 +143,11 @@ location ^~ __PATH__/ {
     access_log off;     # Optional: Don't log access to assets
   }
 
+  # Rule borrowed from `.htaccess`
+    location __PATH__/remote {
+      return 301 __PATH__/remote.php$request_uri;
+    }
+
   location ~ / {
     if ($request_method ~ ^(PUT|DELETE|PATCH)$) {
         rewrite ^ __PATH__/index.php$request_uri last;