# stuff for http block
client_max_body_size 1g;
# fix error: upstream sent too big header while reading response header from upstream
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
upstream fpm {
server egroupware:9000;
}
server {
access_log off;
listen 80 default_server;
# ssl config (enable following line plus either include or ssl_certificate* line)
#listen 443 ssl http2 default_server;
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
#ssl_certificate /etc/ssl/private/certificate.pem;
#ssl_certificate_key /etc/ssl/private/certificate.pem;
# HTTP Strict-Transport-Security header (start with a short max-age!)
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
server_name _;
root /var/www;
index index.php index.html index.htm;
# EGroupware installed in /var/www/egroupware
location ^~ /egroupware {
alias /var/www/egroupware/;
try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
# return 404;
#}
alias /var/www/egroupware;
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1;
fastcgi_param DOCUMENT_ROOT /var/www/html;
}
location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
access_log off;
expires 10d;
add_header Pragma public;
add_header Cache-Control "public";
location ~ ^/egroupware(/.*)$ {
alias /var/www/egroupware/;
try_files $1 =404;
}
}
}
# push-server
location /egroupware/push {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://push:9501;
}
# PHP in docroot
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass fpm;
fastcgi_read_timeout 60m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# ActiveSync support
location /Microsoft-Server-ActiveSync {
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php;
}
# CalDAV & CardDAV autoconfig
location ~ ^/.well-known/(caldav|carddav)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php/;
}
location ~ ^(/principals/users/.*)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php$1;
}
# OpenID Connect autodiscovery
location = /.well-known/openid-configuration {
fastcgi_pass fpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/openid/well-known-configuration.php;
}
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
# This also redirects all requests to root to EGroupware.
location = / {
return 301 $scheme://$http_host/egroupware/index.php;
}
# redirect /egroupware to /egroupware/
location = /egroupware {
return 301 $scheme://$host/egroupware/index.php;
}
# Collabora sniplet meant to be included in server block of EGroupware vhost
# static files
location ^~ /loleaflet {
proxy_pass http://collabora-key:9980;
proxy_set_header Host $http_host;
}
# Collabora/CODE 21.11+
location ^~ /browser {
proxy_pass http://collabora-key:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://collabora-key:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass http://collabora-key:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# Collabora/CODE 21.11+
location ^~ /cool {
proxy_pass http://collabora-key:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# proxy into rocketchat container
location /rocketchat {
proxy_pass http://rocketchat:3000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
# phpMyAdmin
location ^~ /phpmyadmin/ {
proxy_pass http://phpmyadmin/;
#include proxy_params;
proxy_read_timeout 60m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!)
#location /portainer/ {
# proxy_pass http://portainer:9000/;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $http_host;
#}
}