2020-09-27 01:01:17 +00:00
|
|
|
# ADDITIONAL DIRECTIVES HERE
|
2020-12-20 23:11:28 +00:00
|
|
|
|
2014-08-27 02:38:43 +00:00
|
|
|
# Control Panel
|
2014-10-05 12:55:28 +00:00
|
|
|
# Proxy /admin to our Python based control panel daemon. It is
|
|
|
|
# listening on IPv4 only so use an IP address and not 'localhost'.
|
2017-05-23 23:22:53 +00:00
|
|
|
location /admin/assets {
|
|
|
|
alias /usr/local/lib/mailinabox/vendor/assets;
|
|
|
|
}
|
2014-08-27 02:38:43 +00:00
|
|
|
rewrite ^/admin$ /admin/;
|
2015-06-07 18:50:41 +00:00
|
|
|
rewrite ^/admin/munin$ /admin/munin/ redirect;
|
2014-08-27 02:38:43 +00:00
|
|
|
location /admin/ {
|
2014-10-05 12:55:28 +00:00
|
|
|
proxy_pass http://127.0.0.1:10222/;
|
2014-08-27 02:38:43 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2016-03-13 17:40:02 +00:00
|
|
|
add_header X-Frame-Options "DENY";
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header Content-Security-Policy "frame-ancestors 'none';";
|
2014-08-27 02:38:43 +00:00
|
|
|
}
|
|
|
|
|
2020-09-27 01:05:16 +00:00
|
|
|
# Roundcube Webmail configuration.
|
|
|
|
rewrite ^/mail$ /mail/ redirect;
|
|
|
|
rewrite ^/mail/$ /mail/index.php;
|
|
|
|
location /mail/ {
|
|
|
|
index index.php;
|
|
|
|
alias /usr/local/lib/roundcubemail/;
|
|
|
|
}
|
|
|
|
location ~ /mail/config/.* {
|
|
|
|
# A ~-style location is needed to give this precedence over the next block.
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
location ~ /mail/.*\.php {
|
|
|
|
# note: ~ has precendence over a regular location block
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_split_path_info ^/mail(/.*)()$;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
|
|
|
|
fastcgi_pass php-fpm;
|
|
|
|
|
|
|
|
# Outgoing mail also goes through this endpoint, so increase the maximum
|
|
|
|
# file upload limit to match the corresponding Postfix limit.
|
|
|
|
client_max_body_size 128M;
|
|
|
|
}
|
|
|
|
|
2017-04-02 09:19:21 +00:00
|
|
|
# Nextcloud configuration.
|
2014-08-16 12:33:10 +00:00
|
|
|
rewrite ^/cloud$ /cloud/ redirect;
|
|
|
|
rewrite ^/cloud/$ /cloud/index.php;
|
2014-09-03 10:51:19 +00:00
|
|
|
rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
|
2014-08-16 12:33:10 +00:00
|
|
|
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
|
2019-06-16 15:10:53 +00:00
|
|
|
rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
|
2014-08-16 12:33:10 +00:00
|
|
|
location /cloud/ {
|
|
|
|
alias /usr/local/lib/owncloud/;
|
2020-06-28 08:57:28 +00:00
|
|
|
location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|
|
|
deny all;
|
|
|
|
}
|
2019-06-16 15:10:53 +00:00
|
|
|
# Enable paths for service and cloud federation discovery
|
|
|
|
# Resolves warning in Nextcloud Settings panel
|
2020-06-28 08:57:28 +00:00
|
|
|
location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
|
|
|
|
index index.php;
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
|
|
|
|
fastcgi_pass php-fpm;
|
|
|
|
}
|
2014-08-16 12:33:10 +00:00
|
|
|
}
|
2014-10-28 12:05:07 +00:00
|
|
|
location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
|
2014-08-16 12:33:10 +00:00
|
|
|
# note: ~ has precendence over a regular location block
|
2014-10-28 12:05:07 +00:00
|
|
|
# Accept URLs like:
|
|
|
|
# /cloud/index.php/apps/files/
|
|
|
|
# /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
|
|
|
|
# /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
|
2015-05-30 18:03:37 +00:00
|
|
|
# /cloud/remote.php/webdav/yourfilehere...
|
2014-08-16 12:33:10 +00:00
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
|
|
|
|
fastcgi_param SCRIPT_NAME $1$2;
|
|
|
|
fastcgi_param PATH_INFO $3;
|
|
|
|
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
|
2015-06-14 16:04:07 +00:00
|
|
|
fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
|
2014-08-16 12:33:10 +00:00
|
|
|
fastcgi_read_timeout 630;
|
|
|
|
fastcgi_pass php-fpm;
|
|
|
|
client_max_body_size 1G;
|
|
|
|
fastcgi_buffers 64 4K;
|
|
|
|
}
|
2015-06-14 16:04:07 +00:00
|
|
|
location ^~ /owncloud-xaccel/ {
|
2017-04-02 09:19:21 +00:00
|
|
|
# This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
|
2015-06-14 16:04:07 +00:00
|
|
|
# path on disk as a subdirectory under this virtual path.
|
|
|
|
# We must only allow 'internal' redirects within nginx so that the filesystem
|
2015-04-20 22:17:23 +00:00
|
|
|
# is not exposed to the world.
|
2014-08-16 12:33:10 +00:00
|
|
|
internal;
|
2015-06-14 16:04:07 +00:00
|
|
|
alias /;
|
2014-08-16 12:33:10 +00:00
|
|
|
}
|
|
|
|
location ~ ^/((caldav|carddav|webdav).*)$ {
|
|
|
|
# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
|
|
|
|
# Properly proxying like this seems to work fine.
|
2015-08-28 19:07:47 +00:00
|
|
|
proxy_pass https://127.0.0.1/cloud/remote.php/$1;
|
2014-08-16 12:33:10 +00:00
|
|
|
}
|
|
|
|
rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
|
|
|
|
rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
|
|
|
|
rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
|
|
|
|
rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
|
2020-12-20 23:11:28 +00:00
|
|
|
|
|
|
|
# WKD Locations
|
|
|
|
location ~ ^/.well-known/openpgpkey/(?<domain>.+)/policy$ {
|
|
|
|
add_header Access-Control-Allow-origin * always;
|
|
|
|
if (-d /var/lib/mailinabox/wkd/$domain/) {
|
|
|
|
return 204;
|
|
|
|
}
|
|
|
|
return 404;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ ^/.well-known/openpgpkey/(?<domain>.+)/hu/(?<keyid>[ybndrfg8ejkmcpqxot1uwisza345h769]+)$ {
|
|
|
|
add_header Access-Control-Allow-Origin * always;
|
|
|
|
alias /var/lib/mailinabox/wkd/$domain/$keyid;
|
|
|
|
}
|