From cc08c702240e0ff8ff35abcf0590e928a47323bf Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Wed, 20 Mar 2019 20:22:37 +0100
Subject: [PATCH 1/2] Quickfix for path traversal issue
---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 2e085c9..a416de2 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -6,7 +6,7 @@ location = /.well-known/caldav {
 }
 location ^~ __PATH__ {
- alias __FINALPATH__/;
+ alias __FINALPATH__;
 if ($scheme = http) {
 rewrite ^ https://$server_name$request_uri? permanent;
From 0be7e16d743ce501dd53ff9fdca203c06595a502 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Wed, 20 Mar 2019 20:56:17 +0100
Subject: [PATCH 2/2] Add `/` at the end of the location + add rewrite rule
---
 conf/nginx.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index a416de2..6b18d36 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -5,8 +5,9 @@ location = /.well-known/caldav {
 return 301 https://$server_name__PATH__/remote.php/dav;
 }
-location ^~ __PATH__ {
- alias __FINALPATH__;
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location ^~ __PATH__/ {
+ alias __FINALPATH__/;
 if ($scheme = http) {
 rewrite ^ https://$server_name$request_uri? permanent;
@@ -42,7 +43,7 @@ location ^~ __PATH__ {
 #rewrite ^/.well-known/host-meta __PATH__/public.php?service=host-meta last;
 #rewrite ^/.well-known/host-meta.json __PATH__/public.php?service=host-meta-json last;
- location __PATH__ {
+ location __PATH__/ {
 rewrite ^ __PATH__/index.php$request_uri;
 }
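Review bot: In PATCH 1/2 (hunk at line 6 of conf/nginx.conf) the new `alias __FINALPATH__;` sits under `location ^~ __PATH__ {`, which is still a bare prefix with no trailing slash, so it matches any URI that merely begins with `__PATH__`. With `alias`, the remainder of such a URI is appended directly to `__FINALPATH__`, so it resolves to a sibling of the application directory rather than to something inside it. The `..` case is closed by this change, but the prefix boundary is not. This patch should therefore not be deployed or backported without PATCH 2/2, which terminates both the location and the alias with `/`. The location block continues past the end of the hunk.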
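Review bot: In PATCH 2/2 (hunk at line 5 of conf/nginx.conf) nothing next to `location ^~ __PATH__/ {` and `alias __FINALPATH__/;` records that the two trailing slashes must stay matched, which is the invariant this series restores. A comment above the location would keep a later cleanup from reintroducing the mismatch, for example `# location and alias must both end in "/"; a mismatch lets the prefix resolve outside __FINALPATH__`. It is also not visible here how `__PATH__/` is substituted for a root install, which the `#sub_path_only` marker suggests exists. If `__PATH__` expands to `/` there, the prefix would become `//` and stop matching normal requests, so that case is worth checking in the install script. The same applies to the nested `location __PATH__/ {` in the hunk at line 42, and the outer location block continues past the end of both hunks.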