From f6ea2148f8621e2d8f67a5936f0349ad946a971d Mon Sep 17 00:00:00 2001 From: stubbfel Date: Sun, 27 Jan 2019 16:53:26 +0100 Subject: [PATCH] =?UTF-8?q?=E2=80=9Eservices/nextcloud.nix=E2=80=9C=20?= =?UTF-8?q?=C3=A4ndern?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/nextcloud.nix | 89 ++++++++++++++++++++++++++---------------- 1 file changed, 55 insertions(+), 34 deletions(-) diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 6a1d86b..f0b510f 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -30,41 +30,58 @@ ''; locations = { - "/robots.txt" = { - extraConfig = "allow all;"; - }; - "/.well-known/carddav" = { - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - "/.well-known/caldav" = { - extraConfig = "return 301 $scheme://$host/remote.php/dav;"; - }; - # Root - "/" = { - extraConfig = '' - rewrite ^ /index.php$uri; - ''; - }; - # PHP files - "~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\\.php(?:$|/)" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.*)$; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass unix:/run/phpfpm/nextcloud.sock; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - ''; - }; + "= /robots.txt" = { + priority = 100; + extraConfig = '' + allow all; + log_not_found off; + access_log off; + ''; + }; + "/" = { + priority = 200; + extraConfig = "rewrite ^ /index.php$uri;"; + }; + "~ ^/store-apps" = { + priority = 201; + extraConfig = "root ${cfg.home};"; + }; + "= /.well-known/carddav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + "= /.well-known/caldav" = { + priority = 210; + extraConfig = "return 301 $scheme://$host/remote.php/dav;"; + }; + "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + priority = 300; + extraConfig = "deny all;"; + }; + "~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\\.php(?:$|/)" = { + priority = 500; + extraConfig = '' + include ${pkgs.nginxMainline}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS ${if cfg.https then "on" else "off"}; + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass unix:/run/phpfpm/nextcloud; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + fastcgi_read_timeout 120s; + ''; + }; - "~ ^/(?:updater|ocs-provider)(?:$|/)" = { - tryFiles = "$uri/ =404"; - index = "index.php"; - }; + "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = '' + try_files $uri/ =404; + index index.php; + ''; # CSS and JavaScript files "~* ^/(?!apps-local).*\\.(?:css|js)$" = { tryFiles = "$uri /index.php$request_uri"; @@ -111,6 +128,10 @@ "~ ^/(?:build|tests|config|lib|3rdparty|templates|data|\\.|autotest|occ|issue|indie|db_|console)" = { extraConfig = "deny all;"; }; + "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' + try_files $uri /index.php$uri$is_args$args; + access_log off; + ''; }; };