# Use Mozilla's guidelines for SSL/TLS settings # https://mozilla.github.io/server-side-tls/ssl-config-generator/ ssl_certificate /etc/ssl/nginx/cloud.example.com.crt; # 这里根据自己实际情况修改证书文件 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
# HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size client_max_body_size16G; # 这里根据自己实际情况修改大小,这个关系到能够上传的最大文件大小 fastcgi_buffers644K;
# Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off;
# Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By;
# Path to the root of your installation root /var/www/nextcloud;
# Specify how to handle directories -- specifying `/index.php$request_uri` # here as the fallback means that Nginx always exhibits the desired behaviour # when a client requests a path that corresponds to a directory that exists # on the server. In particular, if that directory contains an index.php file, # that file is correctly served; if it doesn't, then the request is passed to # the front-end controller. This consistent behaviour means that we don't need # to specify custom rules for certain paths (e.g. images and other assets, # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus # `try_files $uri $uri/ /index.php$request_uri` # always provides the desired behaviour. index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent~ ^DavClnt ) { return302 /remote.php/webdav/$is_args$args; } }
# Make a regex exception for `/.well-known` so that clients can still # access it despite the existence of the regex rule # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { # The rules in this block are an adaptation of the rules # in `.htaccess` that concern `/.well-known`.
# Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. return301 /index.php$request_uri; }
# Rules borrowed from `.htaccess` to hide certain paths from clients location~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return404; } location~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location~ \.php(?:$|/) { # Required for legacy support rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;