nginx_nextcloud_location.conf
· 1.4 KiB · Text
Ham
# Nextcloud conf
# Bloquer l'accès au répertoire de données
location ^~ /data/ {
deny all;
return 403;
}
# Configuration principale du proxy
location / {
proxy_pass $forward_scheme://$server:$port;
# Pour les téléchargements de grands fichiers
client_max_body_size 10G;
proxy_request_buffering off;
proxy_max_temp_file_size 2048M;
fastcgi_buffers 64 4K;
# Ajouter les en-têtes de sécurité
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag "none" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Download-Options "noopen" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
# Autres configurations nécessaires pour Nextcloud
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
# Ajouter l'en-tête X-Forwarded-Host
proxy_set_header X-Forwarded-Host $host;
}
# Bloquer l'accès à certains types de fichiers sensibles
location ~* \.(gz|bak|old|backup|cert|key)$ {
deny all;
return 404;
}
| 1 | # Nextcloud conf |
| 2 | |
| 3 | # Bloquer l'accès au répertoire de données |
| 4 | location ^~ /data/ { |
| 5 | deny all; |
| 6 | return 403; |
| 7 | } |
| 8 | |
| 9 | # Configuration principale du proxy |
| 10 | location / { |
| 11 | proxy_pass $forward_scheme://$server:$port; |
| 12 | |
| 13 | # Pour les téléchargements de grands fichiers |
| 14 | client_max_body_size 10G; |
| 15 | proxy_request_buffering off; |
| 16 | proxy_max_temp_file_size 2048M; |
| 17 | fastcgi_buffers 64 4K; |
| 18 | |
| 19 | # Ajouter les en-têtes de sécurité |
| 20 | add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; |
| 21 | add_header X-Content-Type-Options "nosniff" always; |
| 22 | add_header X-Frame-Options "SAMEORIGIN" always; |
| 23 | add_header X-XSS-Protection "1; mode=block" always; |
| 24 | add_header X-Robots-Tag "none" always; |
| 25 | add_header Referrer-Policy "no-referrer" always; |
| 26 | add_header X-Download-Options "noopen" always; |
| 27 | add_header X-Permitted-Cross-Domain-Policies "none" always; |
| 28 | |
| 29 | # Autres configurations nécessaires pour Nextcloud |
| 30 | proxy_set_header X-Real-IP $remote_addr; |
| 31 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 32 | proxy_set_header X-Forwarded-Proto $scheme; |
| 33 | proxy_set_header Host $host; |
| 34 | |
| 35 | # Ajouter l'en-tête X-Forwarded-Host |
| 36 | proxy_set_header X-Forwarded-Host $host; |
| 37 | } |
| 38 | |
| 39 | # Bloquer l'accès à certains types de fichiers sensibles |
| 40 | location ~* \.(gz|bak|old|backup|cert|key)$ { |
| 41 | deny all; |
| 42 | return 404; |
| 43 | } |