mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2025-01-23 12:37:05 +00:00
a4a2d4a8b4
for large number of domains or slow boxes (or both), the default nginx 60 second read timeout can result in admin panel errors on pages like status or tls certs
83 lines
3.3 KiB
Plaintext
83 lines
3.3 KiB
Plaintext
# Control Panel
|
|
# Proxy /admin to our Python based control panel daemon. It is
|
|
# listening on IPv4 only so use an IP address and not 'localhost'.
|
|
location /admin/assets {
|
|
alias /usr/local/lib/mailinabox/vendor/assets;
|
|
}
|
|
rewrite ^/admin$ /admin/;
|
|
rewrite ^/admin/munin$ /admin/munin/ redirect;
|
|
location /admin/ {
|
|
proxy_pass http://127.0.0.1:10222/;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_read_timeout 300s;
|
|
add_header X-Frame-Options "DENY";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header Content-Security-Policy "frame-ancestors 'none';";
|
|
}
|
|
|
|
# Nextcloud configuration.
|
|
rewrite ^/cloud$ /cloud/ redirect;
|
|
rewrite ^/cloud/$ /cloud/index.php;
|
|
rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
|
|
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
|
|
rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
|
|
location /cloud/ {
|
|
alias /usr/local/lib/owncloud/;
|
|
location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
|
|
deny all;
|
|
}
|
|
location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
|
|
deny all;
|
|
}
|
|
# Enable paths for service and cloud federation discovery
|
|
# Resolves warning in Nextcloud Settings panel
|
|
location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
|
|
index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
|
|
fastcgi_pass php-fpm;
|
|
}
|
|
}
|
|
location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
|
|
# note: ~ has precedence over a regular location block
|
|
# Accept URLs like:
|
|
# /cloud/index.php/apps/files/
|
|
# /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
|
|
# /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
|
|
# /cloud/remote.php/webdav/yourfilehere...
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
|
|
fastcgi_param SCRIPT_NAME $1$2;
|
|
fastcgi_param PATH_INFO $3;
|
|
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
|
|
fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
|
|
fastcgi_read_timeout 630;
|
|
fastcgi_pass php-fpm;
|
|
client_max_body_size 1G;
|
|
fastcgi_buffers 64 4K;
|
|
}
|
|
location ^~ /owncloud-xaccel/ {
|
|
# This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
|
|
# path on disk as a subdirectory under this virtual path.
|
|
# We must only allow 'internal' redirects within nginx so that the filesystem
|
|
# is not exposed to the world.
|
|
internal;
|
|
alias /;
|
|
}
|
|
location ~ ^/((caldav|carddav|webdav).*)$ {
|
|
# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
|
|
# Properly proxying like this seems to work fine.
|
|
proxy_pass https://127.0.0.1/cloud/remote.php/$1;
|
|
}
|
|
rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
|
|
rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
|
|
rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
|
|
rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
|
|
|
|
# This addresses those service discovery issues mentioned in:
|
|
# https://docs.nextcloud.com/server/23/admin_manual/issues/general_troubleshooting.html#service-discovery
|
|
rewrite ^/.well-known/webfinger /cloud/index.php/.well-known/webfinger redirect;
|
|
rewrite ^/.well-known/nodeinfo /cloud/index.php/.well-known/nodeinfo redirect;
|
|
|
|
# ADDITIONAL DIRECTIVES HERE
|