From 3dd34327ca32b7c962dd8c5869d900b0fca8aa29 Mon Sep 17 00:00:00 2001
From: Jimmy Monin <jimmy@monin.net>
Date: Sat, 2 Mar 2019 12:18:33 +0100
Subject: [PATCH] Update nginx configuration to latest Nextcloud
 recommendations

---
 conf/nginx.conf | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 2e085c9..7cdfd8f 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -13,7 +13,7 @@ location ^~ __PATH__ {
   }
 
   # Add headers to serve security related headers
-  more_set_headers "Strict-Transport-Security: max-age=15768000";
+  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
   more_set_headers "X-Content-Type-Options: nosniff";
   more_set_headers "X-XSS-Protection: 1; mode=block";
   more_set_headers "X-Robots-Tag: none";
@@ -59,9 +59,9 @@ location ^~ __PATH__ {
     deny all;
   }
 
-  location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+  location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+)\.php(/.*|)$ {
     include fastcgi_params;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_split_path_info ^(.+\.php)(/.*|)$;
     fastcgi_param SCRIPT_FILENAME $request_filename;
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_param HTTPS on;
@@ -71,14 +71,15 @@ location ^~ __PATH__ {
     fastcgi_intercept_errors on;
   }
 
-  location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) {
+  location ~ ^__PATH__/(?:updater|ocs-provider|ocm-provider)(?:$|/) {
     try_files $uri/ =404;
     index index.php;
   }
 
   # Adding the cache control header for js and css files
-  location ~* \.(?:css|js)$ {
-    more_set_headers "Cache-Control: public, max-age=7200";
+  location ~ ^__PATH__/.+[^/]\.(?:css|js|woff2?|svg|gif)$ {
+    try_files $uri __PATH__/index.php$request_uri;
+    more_set_headers "Cache-Control: public, max-age=15778463";
     # Add headers to serve security related headers
     more_set_headers "Strict-Transport-Security: max-age=15768000";
     more_set_headers "X-Content-Type-Options: nosniff";
@@ -92,7 +93,7 @@ location ^~ __PATH__ {
     access_log off;
   }
 
-  location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
+  location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
     # Optional: Don't log access to other assets
     access_log off;
   }