ansible-OwnCloud/templates/nginx/owncloud.j2

upstream php-handler {
  server unix:/run/php/php7.0-fpm.sock;
}

server {
  listen 80;
  server_name {{ owncloud_hostname }};

  # Add headers to serve security related headers
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;

  # Path to the root of your installation
  root /var/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }

  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }

  location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Optional: Don't log access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}
1.0 9 years ago			`upstream php-handler {`
			`server unix:/run/php/php7.0-fpm.sock;`
			`}`

			`server {`
			`listen 80;`
			`server_name {{ owncloud_hostname }};`

			`# Add headers to serve security related headers`
			`add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-Frame-Options "SAMEORIGIN";`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Robots-Tag none;`
			`add_header X-Download-Options noopen;`
			`add_header X-Permitted-Cross-Domain-Policies none;`

			`# Path to the root of your installation`
			`root /var/www/owncloud/;`
			`# set max upload size`
			`client_max_body_size 10G;`
			`fastcgi_buffers 64 4K;`

			`# Disable gzip to avoid the removal of the ETag header`
			`gzip off;`

			`index index.php;`
			`error_page 403 /core/templates/403.php;`
			`error_page 404 /core/templates/404.php;`

			`rewrite ^/.well-known/carddav /remote.php/dav/ permanent;`
			`rewrite ^/.well-known/caldav /remote.php/dav/ permanent;`

			`# The following 2 rules are only needed for the user_webfinger app.`
			`# Uncomment it if you're planning to use this app.`
			`#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;`
			`#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;`

			`location = /robots.txt {`
			`allow all;`
			`log_not_found off;`
			`access_log off;`
			`}`

			`location ~ ^/(build\|tests\|config\|lib\|3rdparty\|templates\|data)/ {`
			`deny all;`
			`}`

			`location ~ ^/(?:\.\|autotest\|occ\|issue\|indie\|db_\|console) {`
			`deny all;`
			`}`

			`location / {`

			`rewrite ^/remote/(.*) /remote.php last;`

			`rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;`

			`try_files $uri $uri/ =404;`
			`}`

			`location ~ \.php(?:$\|/) {`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_param PATH_INFO $fastcgi_path_info;`
			`fastcgi_param HTTPS on;`
			`fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice`
			`fastcgi_pass php-handler;`
			`fastcgi_intercept_errors on;`
			`}`

			`# Adding the cache control header for js and css files`
			`# Make sure it is BELOW the location ~ \.php(?:$\|/) { block`
			`location ~* \.(?:css\|js)$ {`
			`add_header Cache-Control "public, max-age=7200";`
			`# Add headers to serve security related headers`
			`add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-Frame-Options "SAMEORIGIN";`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Robots-Tag none;`
			`add_header X-Download-Options noopen;`
			`add_header X-Permitted-Cross-Domain-Policies none;`
			`# Optional: Don't log access to assets`
			`access_log off;`
			`}`

			`# Optional: Don't log access to other assets`
			`location ~* \.(?:jpg\|jpeg\|gif\|bmp\|ico\|png\|swf)$ {`
			`access_log off;`
			`}`
			`}`