# Control Panel # Proxy /admin to our Python based control panel daemon. It is # listening on IPv4 only so use an IP address and not 'localhost'. rewrite ^/admin$ /admin/; location /admin/ { proxy_pass http://127.0.0.1:10222/; proxy_set_header X-Forwarded-For $remote_addr; } # ownCloud configuration. rewrite ^/cloud$ /cloud/ redirect; rewrite ^/cloud/$ /cloud/index.php; rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; location /cloud/ { alias /usr/local/lib/owncloud/; location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } } location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ { # note: ~ has precendence over a regular location block # Accept URLs like: # /cloud/index.php/apps/files/ # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d) # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240) # /cloud/remote.php/webdav/yourfilehere... include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; fastcgi_param SCRIPT_NAME $1$2; fastcgi_param PATH_INFO $3; # TODO: see the dispreferred "method 2" for xaccel at https://doc.owncloud.org/server/8.1/admin_manual/configuration_files/serving_static_files_configuration.html fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_read_timeout 630; fastcgi_pass php-fpm; error_page 403 /cloud/core/templates/403.php; error_page 404 /cloud/core/templates/404.php; client_max_body_size 1G; fastcgi_buffers 64 4K; } location ^~ $STORAGE_ROOT/owncloud { # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. It works a little weird. # The full path on disk of the file is passed as the URL path. ownCloud 8 totally # busted the sane way this worked in ownCloud 7. There's a pending change using # a new parameter to make this make more sense. # We need to only allow 'internal' redirects within nginx so that the filesystem # is not exposed to the world. internal; alias $STORAGE_ROOT/owncloud; } location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. # Properly proxying like this seems to work fine. proxy_pass https://$HOSTNAME/cloud/remote.php/$1; } rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;