root $ROOT; # ADDITIONAL DIRECTIVES HERE location = /robots.txt { log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; } location = /mailinabox.mobileconfig { alias /var/lib/mailinabox/mobileconfig.xml; } location = /.well-known/autoconfig/mail/config-v1.1.xml { alias /var/lib/mailinabox/mozilla-autoconfig.xml; } location = /mail/config-v1.1.xml { alias /var/lib/mailinabox/mozilla-autoconfig.xml; } location = /.well-known/mta-sts.txt { alias /var/lib/mailinabox/mta-sts.txt; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_read_timeout 630; fastcgi_pass php-default; # Outgoing mail also goes through this endpoint, so increase the maximum # file upload limit to match the corresponding Postfix limit. client_max_body_size 128M; } location ~* ^/autodiscover/autodiscover.xml$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_pass php-default; } # Disable viewing dotfiles (.htaccess, .svn, .git, etc.) # This block is placed at the end. Nginx's precedence rules means this block # takes precedence over all non-regex matches and only regex matches that # come after it (i.e. none of those, since this is the last one.) That means # we're blocking dotfiles in the static hosted sites but not the FastCGI- # handled locations for Nextcloud (which serves user-uploaded files that might # have this pattern, see #414) or some of the other services. location ~ /\.(ht|svn|git|hg|bzr) { log_not_found off; access_log off; deny all; }