From c0e86045323fbf0bf8d8d53f61a20902bb20664e Mon Sep 17 00:00:00 2001
From: dkoao <dkoao@example.com>
Date: Thu, 26 Sep 2019 10:51:46 +0000
Subject: [PATCH] Reduce nginx config duplication by separating the Nextcloud
 config into its own file

---
 conf/nextclound-conf.conf                | 60 ++++++++++++++++++++++++
 conf/nginx-primaryonly-no-nextcloud.conf | 17 -------
 conf/nginx-primaryonly.conf              | 60 ------------------------
 management/web_update.py                 | 10 ++--
 4 files changed, 65 insertions(+), 82 deletions(-)
 create mode 100644 conf/nextclound-conf.conf
 delete mode 100644 conf/nginx-primaryonly-no-nextcloud.conf

diff --git a/conf/nextclound-conf.conf b/conf/nextclound-conf.conf
new file mode 100644
index 00000000..dd7457bf
--- /dev/null
+++ b/conf/nextclound-conf.conf
@@ -0,0 +1,60 @@
+
+	# Nextcloud configuration.
+	rewrite ^/cloud$ /cloud/ redirect;
+	rewrite ^/cloud/$ /cloud/index.php;
+	rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
+	rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
+	rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
+	location /cloud/ {
+		alias /usr/local/lib/owncloud/;
+	 	location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
+	 		deny all;
+	 	}
+	 	location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+	 		deny all;
+	 	}
+		# Enable paths for service and cloud federation discovery
+		# Resolves warning in Nextcloud Settings panel
+                location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
+                        index index.php;
+                        include fastcgi_params;
+                        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
+                        fastcgi_pass php-fpm;
+                }
+	}
+	location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
+		# note: ~ has precendence over a regular location block
+		# Accept URLs like:
+		# /cloud/index.php/apps/files/
+		# /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
+		# /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
+		# /cloud/remote.php/webdav/yourfilehere...
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
+		fastcgi_param SCRIPT_NAME $1$2;
+		fastcgi_param PATH_INFO $3;
+		fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
+		fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
+		fastcgi_read_timeout 630;
+		fastcgi_pass php-fpm;
+		client_max_body_size 1G;
+		fastcgi_buffers 64 4K;
+	}
+	location ^~ /owncloud-xaccel/ {
+		# This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
+		# path on disk as a subdirectory under this virtual path.
+		# We must only allow 'internal' redirects within nginx so that the filesystem
+		# is not exposed to the world.
+		internal;
+		alias /;
+	}
+	location ~ ^/((caldav|carddav|webdav).*)$ {
+		# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
+		# Properly proxying like this seems to work fine.
+		proxy_pass https://127.0.0.1/cloud/remote.php/$1;
+	}
+	rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
+	rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
+	rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
+	rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
+
diff --git a/conf/nginx-primaryonly-no-nextcloud.conf b/conf/nginx-primaryonly-no-nextcloud.conf
deleted file mode 100644
index 09e1f34a..00000000
--- a/conf/nginx-primaryonly-no-nextcloud.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-	# Control Panel
-	# Proxy /admin to our Python based control panel daemon. It is
-	# listening on IPv4 only so use an IP address and not 'localhost'.
-	location /admin/assets {
-		alias /usr/local/lib/mailinabox/vendor/assets;
-	}
-	rewrite ^/admin$ /admin/;
-	rewrite ^/admin/munin$ /admin/munin/ redirect;
-	location /admin/ {
-		proxy_pass http://127.0.0.1:10222/;
-		proxy_set_header X-Forwarded-For $remote_addr;
-		add_header X-Frame-Options "DENY";
-		add_header X-Content-Type-Options nosniff;
-		add_header Content-Security-Policy "frame-ancestors 'none';";
-	}
-
-	# ADDITIONAL DIRECTIVES HERE
diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 288fce40..9a7576b1 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -14,63 +14,3 @@
 		add_header Content-Security-Policy "frame-ancestors 'none';";
 	}
 
-	# Nextcloud configuration.
-	rewrite ^/cloud$ /cloud/ redirect;
-	rewrite ^/cloud/$ /cloud/index.php;
-	rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
-	rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
-	rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
-	location /cloud/ {
-		alias /usr/local/lib/owncloud/;
-	 	location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
-	 		deny all;
-	 	}
-	 	location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
-	 		deny all;
-	 	}
-		# Enable paths for service and cloud federation discovery
-		# Resolves warning in Nextcloud Settings panel
-                location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
-                        index index.php;
-                        include fastcgi_params;
-                        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
-                        fastcgi_pass php-fpm;
-                }
-	}
-	location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
-		# note: ~ has precendence over a regular location block
-		# Accept URLs like:
-		# /cloud/index.php/apps/files/
-		# /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
-		# /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
-		# /cloud/remote.php/webdav/yourfilehere...
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
-		fastcgi_param SCRIPT_NAME $1$2;
-		fastcgi_param PATH_INFO $3;
-		fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
-		fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
-		fastcgi_read_timeout 630;
-		fastcgi_pass php-fpm;
-		client_max_body_size 1G;
-		fastcgi_buffers 64 4K;
-	}
-	location ^~ /owncloud-xaccel/ {
-		# This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
-		# path on disk as a subdirectory under this virtual path.
-		# We must only allow 'internal' redirects within nginx so that the filesystem
-		# is not exposed to the world.
-		internal;
-		alias /;
-	}
-	location ~ ^/((caldav|carddav|webdav).*)$ {
-		# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
-		# Properly proxying like this seems to work fine.
-		proxy_pass https://127.0.0.1/cloud/remote.php/$1;
-	}
-	rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
-	rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
-	rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
-	rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
-
-	# ADDITIONAL DIRECTIVES HERE
diff --git a/management/web_update.py b/management/web_update.py
index 43bedff3..78be0dac 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -76,17 +76,17 @@ def do_web_update(env):
 	nginx_conf = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-top.conf")).read()
 
 	# Load the templates.
+        template2_nextcloud = ""
 	template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read()
 	template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-alldomains.conf")).read()
+	template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read()
         # Check if the user doesn't want Nextcloud.
-        if environ.get('DISABLE_NEXTCLOUD') == '0':
-	    template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly-no-nextcloud.conf")).read()
-        else:
-	    template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read()
+        if environ.get('DISABLE_NEXTCLOUD') != '0':
+	    template2_nextcloud = open(os.path.join(os.path.dirname(__file__), "../conf/nextcloud-conf.conf")).read()
 	template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n"
 
 	# Add the PRIMARY_HOST configuration first so it becomes nginx's default server.
-	nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env)
+	nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2_nextcloud, template2], ssl_certificates, env)
 
 	# Add configuration all other web domains.
 	has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env)