# stuff for http block client_max_body_size 1g; # fix error: upstream sent too big header while reading response header from upstream fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; upstream fpm { server egroupware:9000; } # redirects needs to use X-Forwarded-Proto too map $http_x_forwarded_proto $redirectscheme { default $scheme; https https; } server { access_log off; listen 80 default_server; # ssl config (enable following line plus either include or ssl_certificate* line) #listen 443 ssl http2 default_server; #include snippets/snakeoil.conf; # requires ssl-certs package installed! # concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem #ssl_certificate /etc/ssl/private/certificate.pem; #ssl_certificate_key /etc/ssl/private/certificate.pem; # HTTP Strict-Transport-Security header (start with a short max-age!) #add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year server_name _; root /var/www/html; index index.php index.nginx-debian.html index.html index.htm; # other settings client_max_body_size 65M; # EGroupware installed in /usr/share/egroupware location ^~ /egroupware { alias /usr/share/egroupware/; try_files $uri $uri/ =404; location ~ ^/egroupware(/(?U).+\.php) { # do not allow to call files ment to be included only location ~ ^$path/(vendor|[^/]+/(src|setup|inc|vendor))/ { return 404; } alias /usr/share/egroupware; fastcgi_pass fpm; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; # standard Nginx include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1; fastcgi_param DOCUMENT_ROOT /var/www/html; } location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ { access_log off; expires 10d; add_header Pragma public; add_header Cache-Control "public"; location ~ ^/egroupware(/.*)$ { alias /usr/share/egroupware/; try_files $1 =404; } } } # push-server location /egroupware/push { proxy_read_timeout 3600; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_pass http://push:9501; } # SmallParT videos location /egroupware/smallpart/Resources/Videos { alias /var/lib/egroupware/default/files/smallpart; } # PHP in docroot #location ~ \.php { # fastcgi_pass fpm; # include fastcgi_params; #} # phpmyadmin in /usr/share/phpmyadmin #location /phpmyadmin { # alias /usr/share/phpmyadmin/; # try_files $uri $uri/ =404; # location ~ ^/phpmyadmin(/(?U).+\.php) { # alias /usr/share/phpmyadmin; # fastcgi_pass fpm; # fastcgi_index index.php; # fastcgi_split_path_info ^((?U).+\.php)(.*)$; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param PATH_INFO $fastcgi_path_info; # fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; # # standard Nginx # include fastcgi_params; # fastcgi_param DOCUMENT_ROOT /var/www/html; # fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1; # } #} # ActiveSync support location /Microsoft-Server-ActiveSync { fastcgi_pass fpm; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php; } # CalDAV & CardDAV autoconfig location ~ ^/.well-known/(caldav|carddav)$ { return 301 $redirectscheme://$host/egroupware/groupdav.php/; } location ~ ^(/principals/users/.*)$ { return 301 $redirectscheme://$host/egroupware/groupdav.php$1; } # OpenID Connect autodiscovery location = /.well-known/openid-configuration { fastcgi_pass fpm; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/openid/well-known-configuration.php; } # Nginx does NOT use index for OPTIONS requests breakng WebDAV # for Windows, which sends OPTIONS / and stalls on Nginx 405 response! # This also redirects all requests to root to EGroupware. location = / { return 301 $redirectscheme://$host/egroupware/index.php; } # redirect /egroupware to /egroupware/ location = /egroupware { return 301 $redirectscheme://$host/egroupware/index.php; } # Collabora sniplet meant to be included in server block of EGroupware vhost # static files location ^~ /loleaflet { proxy_pass http://collabora-key:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass http://collabora-key:9980; proxy_set_header Host $http_host; } # websockets, download, presentation and image upload location ^~ /lool { proxy_pass http://collabora-key:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } # proxy into rocketchat container location /rocketchat { proxy_pass http://rocketchat:3000; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } # Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!) #location /portainer/ { # proxy_pass http://portainer:9000/; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # proxy_set_header Host $http_host; #} }