From f9fb9f9723a0c292e3fbe1f33c32b18a08b56206 Mon Sep 17 00:00:00 2001
From: konrad <Gitbb00>
Date: Mon, 15 May 2017 20:48:42 +0200
Subject: [PATCH] edited nginxconf

---
 conf/nginx/nginx.conf | 132 ++++++++++++++++++++++++++++++------------
 1 file changed, 96 insertions(+), 36 deletions(-)

diff --git a/conf/nginx/nginx.conf b/conf/nginx/nginx.conf
index 71474f2..eda239f 100644
--- a/conf/nginx/nginx.conf
+++ b/conf/nginx/nginx.conf
@@ -35,48 +35,108 @@ http {
         server_name  _;
         index        index.php;
         root         /var/www;
-        client_max_body_size 1G;
 
-        location / {
-            try_files $uri $uri/ /index.php;
-        }
+            # Add headers to serve security related headers
+	    # Before enabling Strict-Transport-Security headers please read into this
+	    # topic first.
+	    # add_header Strict-Transport-Security "max-age=15768000;
+	    # includeSubDomains; preload;";
+	    add_header X-Content-Type-Options nosniff;
+	    add_header X-Frame-Options "SAMEORIGIN";
+	    add_header X-XSS-Protection "1; mode=block";
+	    add_header X-Robots-Tag none;
+	    add_header X-Download-Options noopen;
+	    add_header X-Permitted-Cross-Domain-Policies none;
 
-        location ~ \.php$ {
-            try_files $uri =404;
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass unix:/var/run/php-fpm.sock;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            fastcgi_index index.php;
-            include fastcgi_params;
-        }
+	    # Path to the root of your installation
+	    root /var/www/nextcloud/;
 
-        location ~* ^.+\.(log|sqlite)$ {
-            return 404;
-        }
+	    location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	    }
 
-        location ~ /\.ht {
-            return 404;
-        }
+	    # The following 2 rules are only needed for the user_webfinger app.
+	    # Uncomment it if you're planning to use this app.
+	    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+	    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+	    # last;
 
-        location ~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$ {
-            log_not_found off;
-            expires 7d;
-            etag on;
-        }
+	    location = /.well-known/carddav {
+	      return 301 $scheme://$host/remote.php/dav;
+	    }
+	    location = /.well-known/caldav {
+	      return 301 $scheme://$host/remote.php/dav;
+	    }
 
-        gzip on;
-        gzip_comp_level 3;
-        gzip_disable "msie6";
-        gzip_vary on;
-        gzip_types
-            text/plain
-            text/css
-            text/javascript
-            text/xml
-            application/javascript
-            application/json
-            application/xml
-            application/rss+xml;
+	    # set max upload size
+	    client_max_body_size 10G;
+	    fastcgi_buffers 64 4K;
+
+	    # Disable gzip to avoid the removal of the ETag header
+	    gzip off;
+
+	    # Uncomment if your server is build with the ngx_pagespeed module
+	    # This module is currently not supported.
+	    #pagespeed off;
+
+	    location / {
+		rewrite ^ /index.php$uri;
+	    }
+
+	    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+		deny all;
+	    }
+	    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+		deny all;
+	    }
+
+	    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+		fastcgi_split_path_info ^(.+\.php)(/.*)$;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTPS on;
+		#Avoid sending the security headers twice
+		fastcgi_param modHeadersAvailable true;
+		fastcgi_param front_controller_active true;
+		fastcgi_pass php-handler;
+		fastcgi_intercept_errors on;
+		fastcgi_request_buffering off;
+	    }
+
+	    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+		try_files $uri/ =404;
+		index index.php;
+	    }
+
+	    # Adding the cache control header for js and css files
+	    # Make sure it is BELOW the PHP block
+	    location ~* \.(?:css|js|woff|svg|gif)$ {
+		try_files $uri /index.php$uri$is_args$args;
+		add_header Cache-Control "public, max-age=7200";
+		# Add headers to serve security related headers (It is intended to
+		# have those duplicated to the ones above)
+		# Before enabling Strict-Transport-Security headers please read into
+		# this topic first.
+		# add_header Strict-Transport-Security "max-age=15768000;
+		#  includeSubDomains; preload;";
+		add_header X-Content-Type-Options nosniff;
+		add_header X-Frame-Options "SAMEORIGIN";
+		add_header X-XSS-Protection "1; mode=block";
+		add_header X-Robots-Tag none;
+		add_header X-Download-Options noopen;
+		add_header X-Permitted-Cross-Domain-Policies none;
+		# Optional: Don't log access to assets
+		access_log off;
+	    }
+
+	    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+		try_files $uri /index.php$uri$is_args$args;
+		# Optional: Don't log access to other assets
+		access_log off;
+	    }
     }
 
     add_header X-Frame-Options SAMEORIGIN;