Eu usei o Nextcloud com o Nginx por um tempo, mas achei que funcionou melhor para mim no Apache e eu acabei de voltar. No entanto, salvei a configuração do servidor Nginx que usei recentemente e isso é testado e funciona com o Nextcloud 11 em execução no 16.04.
Eu removi algumas das personalizações de TLS que eu uso, e este exemplo redireciona example.com para www.example.com, veiculando Nextcloud do domínio raiz e não do diretório / nextcloud. Eu também alterei o tamanho máximo de upload para 1Gb (GB?).
Espero que isso ajude:
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
server {
# The basics
listen 80;
server_name example.com www.example.com;
# Redirect HTTP > HTTPS
return 301 https://$server_name$request_uri;
}
server {
# The basics
listen 443 ssl http2;
server_name example.com;
# HTTPS
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# Redirect no-www to www
return 301 https://www.example.com$request_uri;
}
server {
# The basics
server_name www.example.com;
root /var/www/example.com;
index index.html;
# HTTPS
listen 443 ssl http2;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
# Security
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Disallow accessing dotfiles ('/.well-known/' is allowed)
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:build|tests|config|lib|3rdparty|templates|data|bak|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
deny all;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# Max upload size
client_max_body_size 1G;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}