# stuff for http block client_max_body_size 1g; # fix error: upstream sent too big header while reading response header from upstream fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; upstream fpm { server egroupware:9000; } server { access_log off; listen 80 default_server; # ssl config (enable following line plus either include or ssl_certificate* line) #listen 443 ssl http2 default_server; #include snippets/snakeoil.conf; # requires ssl-certs package installed! # concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem #ssl_certificate /etc/ssl/private/certificate.pem; #ssl_certificate_key /etc/ssl/private/certificate.pem; # HTTP Strict-Transport-Security header (start with a short max-age!) #add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year server_name _; root /var/www; index index.php index.html index.htm; # EGroupware installed in /var/www/egroupware location ^~ /egroupware { alias /var/www/egroupware/; try_files $uri $uri/ =404; location ~ ^/egroupware(/(?U).+\.php) { # do not allow to call files ment to be included only #location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ { # return 404; #} alias /var/www/egroupware; fastcgi_pass fpm; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; # standard Nginx include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1; fastcgi_param DOCUMENT_ROOT /var/www/html; } location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ { access_log off; expires 10d; add_header Pragma public; add_header Cache-Control "public"; location ~ ^/egroupware(/.*)$ { alias /var/www/egroupware/; try_files $1 =404; } } } # push-server location /egroupware/push { proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_pass http://push:9501; } # PHP in docroot location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass fpm; fastcgi_read_timeout 60m; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; } # ActiveSync support location /Microsoft-Server-ActiveSync { fastcgi_pass fpm; # added to support WebDAV/CalDAV/CardDAV fastcgi_read_timeout 60m; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php; } # CalDAV & CardDAV autoconfig location ~ ^/.well-known/(caldav|carddav)$ { return 301 $scheme://$http_host/egroupware/groupdav.php/; } location ~ ^(/principals/users/.*)$ { return 301 $scheme://$http_host/egroupware/groupdav.php$1; } # OpenID Connect autodiscovery location = /.well-known/openid-configuration { fastcgi_pass fpm; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/egroupware/openid/well-known-configuration.php; } # Nginx does NOT use index for OPTIONS requests breakng WebDAV # for Windows, which sends OPTIONS / and stalls on Nginx 405 response! # This also redirects all requests to root to EGroupware. location = / { return 301 $scheme://$http_host/egroupware/index.php; } # redirect /egroupware to /egroupware/ location = /egroupware { return 301 $scheme://$host/egroupware/index.php; } # Collabora sniplet meant to be included in server block of EGroupware vhost # static files location ^~ /loleaflet { proxy_pass http://collabora-key:9980; proxy_set_header Host $http_host; } # Collabora/CODE 21.11+ location ^~ /browser { proxy_pass http://collabora-key:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass http://collabora-key:9980; proxy_set_header Host $http_host; } # Capabilities location ^~ /hosting/capabilities { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # websockets, download, presentation and image upload location ^~ /lool { proxy_pass http://collabora-key:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } # Collabora/CODE 21.11+ location ^~ /cool { proxy_pass http://collabora-key:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } # proxy into rocketchat container location /rocketchat { proxy_pass http://rocketchat:3000; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } # Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!) #location /portainer/ { # proxy_pass http://portainer:9000/; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # proxy_set_header Host $http_host; #} }