summarylogtreecommitdiffstats
path: root/example_nginx_vhost.conf
blob: f149c6393bfa8807650cc330b960d5ee6f6cd013 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Based on Grant Carthew work : http://pyd.io/nginx/
# And also and vovan work here : https://pyd.io/f/topic/nginx-configuration-for-pydio-6-beta/
# And now reworked for Pydio 6.x based on Pydio wiki

server {
        listen 80;
        server_name pydio.local;

        root /usr/share/webapps/pydio;
        index index.php;

        access_log /var/log/nginx/pydio6.access.log;
        error_log /var/log/nginx/pydio6.error.log;

        client_max_body_size 20G;
        client_body_buffer_size 128k;

        location ^~ (/dashboard|/settings|/welcome|/ws-) {
            try_files /index.php =404;
        }

        location ^~ /shares {
            try_files /dav.php =404;
        }
        location ^~ /api {
            try_files /rest.php =404;
        }
        location ^~ /user {
            try_files ./index.php?get_action=user_access_point =404;
        }

        location ~ ^/data/public/([a-zA-Z0-9_-]+)\.php$ {
            try_files /data/public/share.php?hash=$1 =404;
        }

        location ^~ ^/data/public/([a-zA-Z0-9_-]+)--([a-z]+)$ {
            try_files /data/public/share.php?hash=$1&lang=$2 =404;
        }

        location ^~ ^/data/public/([a-zA-Z0-9_-]+)$ {
            try_files /data/public/share.php?hash=$1&lang=$2 =404;
        }

        # Prevent Clickjacking
        add_header X-Frame-Options "SAMEORIGIN";

        # Do not accept DELETE, SEARCH and other methods
        if ( $request_method !~ ^(GET|HEAD|POST|PROPFIND|OPTIONS)$ ) {
                return 444;
        }

        # Drop unauthorized access
        location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
                deny all;
        }
        location = /robots.txt  { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }

        # Enables PHP
        location ~ \.php {
            # for ^/(index|plugins) request_uri should be changed
            set $request_url $request_uri;
            if ( $uri ~ ^/(index|plugins) ) {
                set $request_url /;
            }
            fastcgi_param  PHP_ADMIN_VALUE "open_basedir=/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/:/var/lib/pydio/";
            fastcgi_param  SCRIPT_FILENAME    $request_filename;
            include        /etc/nginx/fastcgi_params;
            fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        }

        # Enables Caching
        location ~* \.(ico|css|js)$ {
            expires 7d;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }
}