Erreur32 revised this gist 2 years ago. Go to revision
1 file changed, 43 insertions
nginx_nextcloud_location.conf(file created)
| @@ -0,0 +1,43 @@ | |||
| 1 | + | # Nextcloud conf | |
| 2 | + | ||
| 3 | + | # Bloquer l'accès au répertoire de données | |
| 4 | + | location ^~ /data/ { | |
| 5 | + | deny all; | |
| 6 | + | return 403; | |
| 7 | + | } | |
| 8 | + | ||
| 9 | + | # Configuration principale du proxy | |
| 10 | + | location / { | |
| 11 | + | proxy_pass $forward_scheme://$server:$port; | |
| 12 | + | ||
| 13 | + | # Pour les téléchargements de grands fichiers | |
| 14 | + | client_max_body_size 10G; | |
| 15 | + | proxy_request_buffering off; | |
| 16 | + | proxy_max_temp_file_size 2048M; | |
| 17 | + | fastcgi_buffers 64 4K; | |
| 18 | + | ||
| 19 | + | # Ajouter les en-têtes de sécurité | |
| 20 | + | add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; | |
| 21 | + | add_header X-Content-Type-Options "nosniff" always; | |
| 22 | + | add_header X-Frame-Options "SAMEORIGIN" always; | |
| 23 | + | add_header X-XSS-Protection "1; mode=block" always; | |
| 24 | + | add_header X-Robots-Tag "none" always; | |
| 25 | + | add_header Referrer-Policy "no-referrer" always; | |
| 26 | + | add_header X-Download-Options "noopen" always; | |
| 27 | + | add_header X-Permitted-Cross-Domain-Policies "none" always; | |
| 28 | + | ||
| 29 | + | # Autres configurations nécessaires pour Nextcloud | |
| 30 | + | proxy_set_header X-Real-IP $remote_addr; | |
| 31 | + | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| 32 | + | proxy_set_header X-Forwarded-Proto $scheme; | |
| 33 | + | proxy_set_header Host $host; | |
| 34 | + | ||
| 35 | + | # Ajouter l'en-tête X-Forwarded-Host | |
| 36 | + | proxy_set_header X-Forwarded-Host $host; | |
| 37 | + | } | |
| 38 | + | ||
| 39 | + | # Bloquer l'accès à certains types de fichiers sensibles | |
| 40 | + | location ~* \.(gz|bak|old|backup|cert|key)$ { | |
| 41 | + | deny all; | |
| 42 | + | return 404; | |
| 43 | + | } | |
Newer
Older