mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-07 16:44:07 +01:00
f2079ccb49
also fix wrong path for sources-push volume
192 lines
5.9 KiB
Nginx Configuration File
192 lines
5.9 KiB
Nginx Configuration File
# stuff for http block
|
|
client_max_body_size 1g;
|
|
# fix error: upstream sent too big header while reading response header from upstream
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
|
|
upstream fpm {
|
|
server egroupware:9000;
|
|
}
|
|
|
|
# redirects needs to use X-Forwarded-Proto too
|
|
map $http_x_forwarded_proto $redirectscheme {
|
|
default $scheme;
|
|
https https;
|
|
}
|
|
|
|
server {
|
|
access_log off;
|
|
|
|
listen 80 default_server;
|
|
|
|
# ssl config (enable following line plus either include or ssl_certificate* line)
|
|
#listen 443 ssl http2 default_server;
|
|
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
|
|
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
|
|
#ssl_certificate /etc/ssl/private/certificate.pem;
|
|
#ssl_certificate_key /etc/ssl/private/certificate.pem;
|
|
# HTTP Strict-Transport-Security header (start with a short max-age!)
|
|
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
|
|
|
|
server_name _;
|
|
root /var/www/html;
|
|
|
|
index index.php index.nginx-debian.html index.html index.htm;
|
|
|
|
# other settings
|
|
client_max_body_size 65M;
|
|
|
|
# EGroupware installed in /usr/share/egroupware
|
|
location ^~ /egroupware {
|
|
alias /usr/share/egroupware/;
|
|
try_files $uri $uri/ =404;
|
|
location ~ ^/egroupware(/(?U).+\.php) {
|
|
# do not allow to call files ment to be included only
|
|
location ~ ^$path/(vendor|[^/]+/(src|setup|inc|vendor))/ {
|
|
return 404;
|
|
}
|
|
alias /usr/share/egroupware;
|
|
fastcgi_pass fpm;
|
|
# added to support WebDAV/CalDAV/CardDAV
|
|
fastcgi_read_timeout 60m;
|
|
fastcgi_index index.php;
|
|
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
# standard Nginx
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1;
|
|
fastcgi_param DOCUMENT_ROOT /var/www/html;
|
|
}
|
|
location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
|
|
access_log off;
|
|
expires 10d;
|
|
add_header Pragma public;
|
|
add_header Cache-Control "public";
|
|
location ~ ^/egroupware(/.*)$ {
|
|
alias /usr/share/egroupware/;
|
|
try_files $1 =404;
|
|
}
|
|
}
|
|
}
|
|
|
|
# push-server
|
|
location /egroupware/push {
|
|
proxy_read_timeout 3600;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_pass http://push:9501;
|
|
}
|
|
|
|
# SmallParT videos
|
|
location /egroupware/smallpart/Resources/Videos {
|
|
alias /var/lib/egroupware/default/files/smallpart;
|
|
}
|
|
|
|
# PHP in docroot
|
|
#location ~ \.php {
|
|
# fastcgi_pass fpm;
|
|
# include fastcgi_params;
|
|
#}
|
|
|
|
# phpmyadmin in /usr/share/phpmyadmin
|
|
#location /phpmyadmin {
|
|
# alias /usr/share/phpmyadmin/;
|
|
# try_files $uri $uri/ =404;
|
|
# location ~ ^/phpmyadmin(/(?U).+\.php) {
|
|
# alias /usr/share/phpmyadmin;
|
|
# fastcgi_pass fpm;
|
|
# fastcgi_index index.php;
|
|
# fastcgi_split_path_info ^((?U).+\.php)(.*)$;
|
|
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
# fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
# fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
# # standard Nginx
|
|
# include fastcgi_params;
|
|
# fastcgi_param DOCUMENT_ROOT /var/www/html;
|
|
# fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1;
|
|
# }
|
|
#}
|
|
|
|
# ActiveSync support
|
|
location /Microsoft-Server-ActiveSync {
|
|
fastcgi_pass fpm;
|
|
# added to support WebDAV/CalDAV/CardDAV
|
|
fastcgi_read_timeout 60m;
|
|
fastcgi_index index.php;
|
|
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php;
|
|
}
|
|
# CalDAV & CardDAV autoconfig
|
|
location ~ ^/.well-known/(caldav|carddav)$ {
|
|
return 301 $redirectscheme://$host/egroupware/groupdav.php/;
|
|
}
|
|
location ~ ^(/principals/users/.*)$ {
|
|
return 301 $redirectscheme://$host/egroupware/groupdav.php$1;
|
|
}
|
|
# OpenID Connect autodiscovery
|
|
location = /.well-known/openid-configuration {
|
|
fastcgi_pass fpm;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/openid/well-known-configuration.php;
|
|
}
|
|
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
|
|
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
|
|
# This also redirects all requests to root to EGroupware.
|
|
location = / {
|
|
return 301 $redirectscheme://$host/egroupware/index.php;
|
|
}
|
|
# redirect /egroupware to /egroupware/
|
|
location = /egroupware {
|
|
return 301 $redirectscheme://$host/egroupware/index.php;
|
|
}
|
|
|
|
# Collabora sniplet meant to be included in server block of EGroupware vhost
|
|
# static files
|
|
location ^~ /browser {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# WOPI discovery URL
|
|
location ^~ /hosting/discovery {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# Capabilities
|
|
location ^~ /hosting/capabilities {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# websockets, download, presentation and image upload
|
|
location ^~ /cool {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# proxy into rocketchat container
|
|
location /rocketchat {
|
|
proxy_pass http://rocketchat:3000;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!)
|
|
#location /portainer/ {
|
|
# proxy_pass http://portainer:9000/;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# proxy_set_header Host $http_host;
|
|
#}
|
|
} |