# Control Panel # Proxy /admin to our Python based control panel daemon. It is # listening on IPv4 only so use an IP address and not 'localhost'. location /admin/assets { alias /usr/local/lib/mailinabox/vendor/assets; } rewrite ^/admin$ /admin/; rewrite ^/admin/munin$ /admin/munin/ redirect; location /admin/ { proxy_pass http://127.0.0.1:10222/; proxy_set_header X-Forwarded-For $remote_addr; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "frame-ancestors 'none';"; } # Nextcloud configuration. rewrite ^/cloud$ /cloud/ redirect; rewrite ^/cloud/$ /cloud/index.php; rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect; location /cloud/ { alias /usr/local/lib/owncloud/; location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ { deny all; } location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } # Enable paths for service and cloud federation discovery # Resolves warning in Nextcloud Settings panel location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ { index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2; fastcgi_pass php-fpm; } } location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ { # note: ~ has precedence over a regular location block # Accept URLs like: # /cloud/index.php/apps/files/ # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d) # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240) # /cloud/remote.php/webdav/yourfilehere... include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; fastcgi_param SCRIPT_NAME $1$2; fastcgi_param PATH_INFO $3; fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; fastcgi_read_timeout 630; fastcgi_pass php-fpm; client_max_body_size 1G; fastcgi_buffers 64 4K; } location ^~ /owncloud-xaccel/ { # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file # path on disk as a subdirectory under this virtual path. # We must only allow 'internal' redirects within nginx so that the filesystem # is not exposed to the world. internal; alias /; } location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. # Properly proxying like this seems to work fine. proxy_pass https://127.0.0.1/cloud/remote.php/$1; } rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; # This addresses those service discovery issues mentioned in: # https://docs.nextcloud.com/server/23/admin_manual/issues/general_troubleshooting.html#service-discovery rewrite ^/.well-known/webfinger /cloud/index.php/.well-known/webfinger redirect; rewrite ^/.well-known/nodeinfo /cloud/index.php/.well-known/nodeinfo redirect; # ADDITIONAL DIRECTIVES HERE