forked from extern/egroupware
180 lines
5.4 KiB
Nginx Configuration File
180 lines
5.4 KiB
Nginx Configuration File
# stuff for http block
|
|
client_max_body_size 1g;
|
|
# fix error: upstream sent too big header while reading response header from upstream
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
|
|
upstream fpm {
|
|
server egroupware:9000;
|
|
}
|
|
|
|
server {
|
|
access_log off;
|
|
|
|
listen 80 default_server;
|
|
|
|
# ssl config (enable following line plus either include or ssl_certificate* line)
|
|
#listen 443 ssl http2 default_server;
|
|
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
|
|
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
|
|
#ssl_certificate /etc/ssl/private/certificate.pem;
|
|
#ssl_certificate_key /etc/ssl/private/certificate.pem;
|
|
# HTTP Strict-Transport-Security header (start with a short max-age!)
|
|
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
|
|
|
|
server_name _;
|
|
root /var/www;
|
|
|
|
index index.php index.html index.htm;
|
|
|
|
# EGroupware installed in /var/www/egroupware
|
|
location ^~ /egroupware {
|
|
alias /var/www/egroupware/;
|
|
try_files $uri $uri/ =404;
|
|
location ~ ^/egroupware(/(?U).+\.php) {
|
|
# do not allow to call files ment to be included only
|
|
#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
|
|
# return 404;
|
|
#}
|
|
alias /var/www/egroupware;
|
|
fastcgi_pass fpm;
|
|
# added to support WebDAV/CalDAV/CardDAV
|
|
fastcgi_read_timeout 60m;
|
|
fastcgi_index index.php;
|
|
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
# standard Nginx
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1;
|
|
fastcgi_param DOCUMENT_ROOT /var/www/html;
|
|
}
|
|
location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
|
|
access_log off;
|
|
expires 10d;
|
|
add_header Pragma public;
|
|
add_header Cache-Control "public";
|
|
location ~ ^/egroupware(/.*)$ {
|
|
alias /var/www/egroupware/;
|
|
try_files $1 =404;
|
|
}
|
|
}
|
|
}
|
|
|
|
# push-server
|
|
location /egroupware/push {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_pass http://push:9501;
|
|
}
|
|
|
|
# PHP in docroot
|
|
location ~ [^/]\.php(/|$) {
|
|
fastcgi_split_path_info ^(.+?\.php)(.*)$;
|
|
if (!-f $document_root$fastcgi_script_name) {
|
|
return 404;
|
|
}
|
|
fastcgi_pass fpm;
|
|
fastcgi_read_timeout 60m;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
}
|
|
|
|
# ActiveSync support
|
|
location /Microsoft-Server-ActiveSync {
|
|
fastcgi_pass fpm;
|
|
# added to support WebDAV/CalDAV/CardDAV
|
|
fastcgi_read_timeout 60m;
|
|
fastcgi_index index.php;
|
|
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php;
|
|
}
|
|
# CalDAV & CardDAV autoconfig
|
|
location ~ ^/.well-known/(caldav|carddav)$ {
|
|
return 301 $scheme://$http_host/egroupware/groupdav.php/;
|
|
}
|
|
location ~ ^(/principals/users/.*)$ {
|
|
return 301 $scheme://$http_host/egroupware/groupdav.php$1;
|
|
}
|
|
# OpenID Connect autodiscovery
|
|
location = /.well-known/openid-configuration {
|
|
fastcgi_pass fpm;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/openid/well-known-configuration.php;
|
|
}
|
|
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
|
|
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
|
|
# This also redirects all requests to root to EGroupware.
|
|
location = / {
|
|
return 301 $scheme://$http_host/egroupware/index.php;
|
|
}
|
|
# redirect /egroupware to /egroupware/
|
|
location = /egroupware {
|
|
return 301 $scheme://$host/egroupware/index.php;
|
|
}
|
|
|
|
# Collabora sniplet meant to be included in server block of EGroupware vhost
|
|
# static files
|
|
location ^~ /loleaflet {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
# Collabora/CODE 21.11+
|
|
location ^~ /browser {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# WOPI discovery URL
|
|
location ^~ /hosting/discovery {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# Capabilities
|
|
location ^~ /hosting/capabilities {
|
|
proxy_pass http://127.0.0.1:9980;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# websockets, download, presentation and image upload
|
|
location ^~ /lool {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
proxy_read_timeout 36000s;
|
|
}
|
|
# Collabora/CODE 21.11+
|
|
location ^~ /cool {
|
|
proxy_pass http://collabora-key:9980;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
proxy_read_timeout 36000s;
|
|
}
|
|
|
|
# proxy into rocketchat container
|
|
location /rocketchat {
|
|
proxy_pass http://rocketchat:3000;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
# Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!)
|
|
#location /portainer/ {
|
|
# proxy_pass http://portainer:9000/;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# proxy_set_header Host $http_host;
|
|
#}
|
|
} |