## $HOSTNAME # Redirect all HTTP to HTTPS. server { listen 80; listen [::]:80; server_name $HOSTNAME; root /tmp/invalid-path-nothing-here; rewrite ^/(.*)$ https://$HOSTNAME/$1 permanent; } # The secure HTTPS server. server { listen 443 ssl; server_name $HOSTNAME; ssl_certificate $SSL_CERTIFICATE; ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; # Expose this directory as static files. root $ROOT; index index.html index.htm; # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /usr/local/lib/roundcubemail/; } location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass php-fpm; client_max_body_size 20M; } # ownCloud configuration. rewrite ^/cloud$ /cloud/ redirect; rewrite ^/cloud/$ /cloud/index.php; rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; location /cloud/ { alias /usr/local/lib/owncloud/; location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } } location ~ ^(/cloud)(/.+\.php)(/.*)?$ { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; fastcgi_param SCRIPT_NAME $1$2; fastcgi_param PATH_INFO $3; fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_read_timeout 630; fastcgi_pass php-fpm; error_page 403 /cloud/core/templates/403.php; error_page 404 /cloud/core/templates/404.php; client_max_body_size 1G; fastcgi_buffers 64 4K; } location ^~ /cloud/data { # In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose # the data directory but only allow 'internal' redirects within nginx # so that this is not exposed to the world. internal; alias $STORAGE_ROOT/owncloud; } location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. # Properly proxying like this seems to work fine. proxy_pass https://$HOSTNAME/cloud/remote.php/$1; } rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; # Webfinger configuration. location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; fastcgi_pass php-fpm; } # Microsoft Exchange autodiscover.xml for email location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php; fastcgi_pass php-fpm; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_read_timeout 630; fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE }