diff options
Diffstat (limited to 'playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud')
-rw-r--r-- | playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud b/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud deleted file mode 100644 index c4a86cb..0000000 --- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud +++ /dev/null @@ -1,137 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name cloud.tyil.nl; - - error_log /var/log/nginx/cloud-error.log; - access_log /var/log/nginx/cloud-access.log; - - ssl_certificate /etc/letsencrypt/live/cloud.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.tyil.nl/privkey.pem; - - include /etc/nginx/snippets.d/ssl.conf; - include /etc/nginx/snippets.d/certbot.conf; - - # Set timeouts - fastcgi_read_timeout 300; - proxy_read_timeout 300; - - # Set upload size - client_max_body_size 200M; - fastcgi_buffers 64 4K; - - # Add (security) headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy "no-referrer"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header Strict-Transport-Security "max-age=63072000" always; - - # Remove headers - fastcgi_hide_header X-Powered-By; - - # Enable gzip - gzip off; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy - ; - - root /var/www/nl.tyil.cloud; - - location / { - rewrite ^ /index.php?$request_uri; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ^~ /.well-known { - rewrite ^/\.well-known/host-meta.json /public.php?service=host-meta.json last; - rewrite ^/\.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/\.well-known/webfinger /public.php?service=webfinger last; - rewrite ^/\.well-known/nodeinfo /public.php?service=nodeinfo last; - - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - #location ^~ /.well-known { return 301 /index.php$uri; } - - try_files $uri $uri/ =404; - } - - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - include snippets.d/fcgi.conf; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass localhost:9000; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$request_uri; - access_log off; - } -} |