YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Update nginx.conf

Browse source
This commit is contained in:
Éric Gaspar 2023-10-09 09:45:47 +02:00
parent bd5988b589
commit b46b53195e
1 changed files with 13 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
conf/nginx.conf
View file

@ -21,18 +21,9 @@ location ^~ __PATH__/ {
# Path to source # Path to source
alias __INSTALL_DIR__/; alias __INSTALL_DIR__/;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Set max upload size # Set max upload size
client_max_body_size 10G; client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers # Enable gzip but do not remove ETag headers
@ -52,6 +43,16 @@ location ^~ __PATH__/ {
# for tunning hints # for tunning hints
client_body_buffer_size 512k; client_body_buffer_size 512k;
# Add headers to serve security related headers
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: noindex, nofollow";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
@ -92,7 +93,7 @@ location ^~ __PATH__/ {
# Required for legacy support # Required for legacy support
# https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337 # https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337
# This line fix the ldap admin page # This line fix the ldap admin page
rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri; rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -120,7 +121,7 @@ location ^~ __PATH__/ {
send_timeout 600; send_timeout 600;
} }
location ~ ^__PATH__/(?:updater|oc[ms]-provider)(?:$|/) { location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
} }