Ansible/templates/nextcloud_nginx_vhost.j2

map $arg_v $asset_immutable {
    "" "";
    default "immutable";
}

server {

    listen 80;
    server_name {{ nextcloud_hostname }};

    root /nextcloud/;
    sendfile on;

    client_max_body_size {{ php_max_upload_size }};
    client_body_timeout 900s;

    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header Strict-Transport-Security            "15552000"      always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "noindex, nofollow" always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    fastcgi_hide_header X-Powered-By;

    index index.php index.html /index.php$request_uri;

    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        return 301 /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    location ~ \.php(?:$|/) {

        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:///run/php/cloudMain.sock;
        fastcgi_read_timeout 300s;
        fastcgi_intercept_errors on;

    }

    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
        access_log off;     # Optional: Don't log access to assets

        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;
        access_log off;
    }

    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }

}
Fix formating 2024-02-12 21:15:56 +00:00			`map $arg_v $asset_immutable {`
			`"" "";`
			`default "immutable";`
			`}`

			`server {`

			`listen 80;`
			`server_name {{ nextcloud_hostname }};`

			`root /nextcloud/;`
			`sendfile on;`

			`client_max_body_size {{ php_max_upload_size }};`
			`client_body_timeout 900s;`

			`add_header Referrer-Policy "no-referrer" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-Download-Options "noopen" always;`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header Strict-Transport-Security "15552000" always;`
			`add_header X-Permitted-Cross-Domain-Policies "none" always;`
			`add_header X-Robots-Tag "noindex, nofollow" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`fastcgi_hide_header X-Powered-By;`

			`index index.php index.html /index.php$request_uri;`

			`location = / {`
			`if ( $http_user_agent ~ ^DavClnt ) {`
			`return 302 /remote.php/webdav/$is_args$args;`
			`}`
			`}`

			`location = /robots.txt {`
			`allow all;`
			`log_not_found off;`
			`access_log off;`
			`}`

			`location ^~ /.well-known {`

			`location = /.well-known/carddav { return 301 /remote.php/dav/; }`
			`location = /.well-known/caldav { return 301 /remote.php/dav/; }`

			`location /.well-known/acme-challenge { try_files $uri $uri/ =404; }`
			`location /.well-known/pki-validation { try_files $uri $uri/ =404; }`

			`return 301 /index.php$request_uri;`
			`}`

			`location ~ ^/(?:build\|tests\|config\|lib\|3rdparty\|templates\|data)(?:$\|/) { return 404; }`
			`location ~ ^/(?:\.\|autotest\|occ\|issue\|indie\|db_\|console) { return 404; }`

			`location ~ \.php(?:$\|/) {`

			`rewrite ^/(?!index\|remote\|public\|cron\|core\/ajax\/update\|status\|ocs\/v[12]\|updater\/.+\|oc[ms]-provider\/.+\|.+\/richdocumentscode\/proxy) /index.php$request_uri;`

			`fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
			`set $path_info $fastcgi_path_info;`

			`try_files $fastcgi_script_name =404;`

			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_param PATH_INFO $path_info;`
			`fastcgi_param modHeadersAvailable true;`
			`fastcgi_param front_controller_active true;`
			`fastcgi_pass unix:///run/php/cloudMain.sock;`
			`fastcgi_read_timeout 300s;`
			`fastcgi_intercept_errors on;`

			`}`

			`location ~ \.(?:css\|js\|mjs\|svg\|gif\|png\|jpg\|ico\|wasm\|tflite\|map\|ogg\|flac)$ {`
			`try_files $uri /index.php$request_uri;`
			`add_header Cache-Control "public, max-age=15778463, $asset_immutable";`
			`access_log off; # Optional: Don't log access to assets`

			`location ~ \.wasm$ {`
			`default_type application/wasm;`
			`}`
			`}`

			`location ~ \.woff2?$ {`
			`try_files $uri /index.php$request_uri;`
			`expires 7d;`
			`access_log off;`
			`}`

			`location /remote {`
			`return 301 /remote.php$request_uri;`
			`}`

			`location / {`
			`try_files $uri $uri/ /index.php$request_uri;`
			`}`

			`}`