# /etc/nginx/sites-available/egroupware-nginx.conf # need to be symlinked to /etc/nginx/sites-enabled/ and nginx -s reload (after removing default!) # stuff for http block client_max_body_size 1g; server { listen 80 default_server; # ssl config (enable following line plus either include or ssl_certificate* line) #listen 443 ssl http2 default_server; #include snippets/snakeoil.conf; # requires ssl-certs package installed! # concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem #ssl_certificate /etc/ssl/private/certificate.pem; #ssl_certificate_key /etc/ssl/private/certificate.pem; # HTTP Strict-Transport-Security header (start with a short max-age!) #add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year # A free of charge ssl certificate can be obtained from https://letsencrypt.org # Instrunctions for Ubuntu 16.04 are eg. available at # https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 # Just use /etc/egroupware/nginx.conf instead of /etc/nginx/sites-available/default server_name _; root /var/www/html; index index.php index.nginx-debian.html index.html index.htm; # include other EGroupware parts like Collabora include app.d/egroupware*.conf; # other settings client_max_body_size 65M; # EGroupware installed in /usr/share/egroupware location ^~ /egroupware { alias /usr/share/egroupware/; try_files $uri $uri/ =404; location ~ ^/egroupware(/(?U).+\.php) { alias /usr/share/egroupware; fastcgi_pass unix:/run/php/php7.0-fpm.sock; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; # standard Nginx include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1; fastcgi_param DOCUMENT_ROOT /var/www/html; } location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ { access_log off; expires 10d; add_header Pragma public; add_header Cache-Control "public"; location ~ ^/egroupware(/.*)$ { alias /usr/share/egroupware/; try_files $1 =404; } } } # PHP in docroot #location ~ \.php { # fastcgi_pass unix:/run/php/php7.0-fpm.sock; # include fastcgi_params; #} # ActiveSync support location /Microsoft-Server-ActiveSync { fastcgi_pass unix:/run/php/php7.0-fpm.sock; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php; } # CalDAV & CardDAV autoconfig location ~ ^/.well-known/(caldav|carddav)$ { return 301 $scheme://$host/egroupware/groupdav.php/; } location ~ ^(/principals/users/.*)$ { return 301 $scheme://$host/egroupware/groupdav.php$1; } # Nginx does NOT use index for OPTIONS requests breakng WebDAV # for Windows, which sends OPTIONS / and stalls on Nginx 405 response! # This also redirects all requests to root to EGroupware. location = / { return 301 $scheme://$host/egroupware/index.php; } }