diff --git a/roles/owncloud/templates/vhost.j2 b/roles/owncloud/templates/vhost.j2 index 2250c3b..4344160 100644 --- a/roles/owncloud/templates/vhost.j2 +++ b/roles/owncloud/templates/vhost.j2 @@ -25,14 +25,42 @@ server { root /var/www/owncloud/; - location ~ \.php$ { - try_files $uri =404; + # set max upload size + client_max_body_size 1G; + fastcgi_buffers 64 4K; + + # Disable gzip to avoid the removal of the ETag header + gzip off; + + index index.php; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + + rewrite ^/.well-known/carddav /remote.php/dav/ permanent; + rewrite ^/.well-known/caldav /remote.php/dav/ permanent; + + location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location / { + rewrite ^/remote/(.*) /remote.php last; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ =404; + } + + location ~ \.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - # With php5-fpm: - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_index index.php; include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_intercept_errors on; } }