scale-catalog/jails/nextcloud/includes/Caddyfile

yourhostnamehere JAIL-IP {

	root   /usr/local/www/nextcloud
	log    /var/log/nextcloud_access.log
	errors /var/log/nextcloud_errors.log

	tls {
		ca https://acme-staging-v02.api.letsencrypt.org/directory
		DNS-PLACEHOLDER
	}

	fastcgi / 127.0.0.1:9000 php {
		env PATH /bin
		env modHeadersAvailable true
		env front_controller_active true
		connect_timeout 60s
		read_timeout 3600s
		send_timeout 300s
	}

	header / {
		Strict-Transport-Security		"max-age=15768000;"
		X-Content-Type-Options			"nosniff"
		X-XSS-Protection			"1; mode=block"
		X-Robots-Tag				"none"
		X-Download-Options			"noopen"
		X-Permitted-Cross-Domain-Policies	"none"
		X-Frame-Options "SAMEORIGIN"
		Referrer-Policy				"no-referrer"
	}

	header /core/fonts {
		Cache-Control				"max-age=604800"
	}

	# checks for images
	rewrite {
		ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
		r ^/index.php/.*$
		to /{1} /index.php?{query}
	}
	
	rewrite {
                r ^/\.well-known/host-meta$
                to /public.php?service=host-meta&{query}
        }
	rewrite {
                r ^/\.well-known/host-meta\.json$
                to /public.php?service=host-meta-json&{query}
        }
	rewrite {
                r ^/\.well-known/webfinger$
                to /public.php?service=webfinger&{query}
        }

	rewrite {
		r ^/index.php/.*$
		to /index.php?{query}
	}

	rewrite / {
		if {path} not_starts_with /remote.php
		if {path} not_starts_with /public.php
		ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf 
		r ^/(.*)$
		to /{1} /index.php{uri}
	}

	rewrite / {
		if {path} not /core/img/favicon.ico
		if {path} not /core/img/manifest.json
		if {path} not_starts_with /remote.php
		if {path} not_starts_with /public.php
		if {path} not_starts_with /cron.php
		if {path} not_starts_with /core/ajax/update.php
		if {path} not_starts_with /status.php
		if {path} not_starts_with /ocs/v1.php
		if {path} not_starts_with /ocs/v2.php
		if {path} not /robots.txt
		if {path} not_starts_with /updater/
		if {path} not_starts_with /ocs-provider/
		if {path} not_starts_with /ocm-provider/ 
		if {path} not_starts_with /.well-known/
		to /index.php{uri}
	}

	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/carddav 301
	redir /.well-known/caldav /remote.php/caldav 301

	# remove trailing / as it causes errors with php-fpm
	rewrite {
		r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
		to /remote.php/{1}
	}

	rewrite {
		r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
		to /remote.php/{1}/{2}
	}

	rewrite {
		r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
		to /public.php/{1}
	}

	rewrite {
		r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
		to /public.php/{1}/{2}
	}

	# .htaccess / data / config / ... shouldn't be accessible from outside
	status 404 {
		/.htaccess
		/data
		/config
		/db_structure
		/.xml
		/README
		/3rdparty
		/lib
		/templates
		/occ
		/console.php
	}

}
Jailman v1.1.0 (#24) * set branch (+2 squashed commit) Squashed commit: [e322f24] remove placeholder [8647131] palceholder * Code cleanup and (primarily) consolidation (#21) * set branch * Exit 1 on iocage create failure * - Move jailcreate to global function - Remove Jailcreate.sh * Add dataset creation function * - add test script to test new global changes - also create folder in jail with createmount * fix * make test executable * more verbosity, fixing folder creation * moving global dataset create * move jails to new dataset-mount creation function * remove test jail and test branch-ref * Add Nextcloud (#22) * Basic working nextcloud integration * Enable persistent reinstall of Nextcloud * prepare for dev merge * Licence alert * Add external database and integrated jail * small improvements and update script * Add mariadb to dev (#31) * Working MariaDB config * - Set ZFS settings for DB on Nextcloud and MariaDB - Cleanup MariaDB * prepare for dev merge * Niceify Readme (#34) * put content from master into it * Some readme itteration * more niceification * [WIP} Wiki workflow test (#37) introduce automatic wiki generation * Add Bitwarden support (#35) * Nextcloud-Cleanup for v1.1.0 (#40) * Nextcloud cleanup - add db-type sanity check - remove some integrated db checks - Move ssl to /config/ssl - remove integrated databases * slight default tweaking * fix mariadb install bug * QA cycle 2020-03-13 22:59:05 +00:00			`yourhostnamehere JAIL-IP {`

			`root /usr/local/www/nextcloud`
			`log /var/log/nextcloud_access.log`
			`errors /var/log/nextcloud_errors.log`

			`tls {`
			`ca https://acme-staging-v02.api.letsencrypt.org/directory`
			`DNS-PLACEHOLDER`
			`}`

			`fastcgi / 127.0.0.1:9000 php {`
			`env PATH /bin`
			`env modHeadersAvailable true`
			`env front_controller_active true`
			`connect_timeout 60s`
			`read_timeout 3600s`
			`send_timeout 300s`
			`}`

			`header / {`
			`Strict-Transport-Security "max-age=15768000;"`
			`X-Content-Type-Options "nosniff"`
			`X-XSS-Protection "1; mode=block"`
			`X-Robots-Tag "none"`
			`X-Download-Options "noopen"`
			`X-Permitted-Cross-Domain-Policies "none"`
			`X-Frame-Options "SAMEORIGIN"`
			`Referrer-Policy "no-referrer"`
			`}`

			`header /core/fonts {`
			`Cache-Control "max-age=604800"`
			`}`

			`# checks for images`
			`rewrite {`
			`ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map`
			`r ^/index.php/.*$`
			`to /{1} /index.php?{query}`
			`}`

			`rewrite {`
			`r ^/\.well-known/host-meta$`
			`to /public.php?service=host-meta&{query}`
			`}`
			`rewrite {`
			`r ^/\.well-known/host-meta\.json$`
			`to /public.php?service=host-meta-json&{query}`
			`}`
			`rewrite {`
			`r ^/\.well-known/webfinger$`
			`to /public.php?service=webfinger&{query}`
			`}`

			`rewrite {`
			`r ^/index.php/.*$`
			`to /index.php?{query}`
			`}`

			`rewrite / {`
			`if {path} not_starts_with /remote.php`
			`if {path} not_starts_with /public.php`
			`ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf`
			`r ^/(.*)$`
			`to /{1} /index.php{uri}`
			`}`

			`rewrite / {`
			`if {path} not /core/img/favicon.ico`
			`if {path} not /core/img/manifest.json`
			`if {path} not_starts_with /remote.php`
			`if {path} not_starts_with /public.php`
			`if {path} not_starts_with /cron.php`
			`if {path} not_starts_with /core/ajax/update.php`
			`if {path} not_starts_with /status.php`
			`if {path} not_starts_with /ocs/v1.php`
			`if {path} not_starts_with /ocs/v2.php`
			`if {path} not /robots.txt`
			`if {path} not_starts_with /updater/`
			`if {path} not_starts_with /ocs-provider/`
			`if {path} not_starts_with /ocm-provider/`
			`if {path} not_starts_with /.well-known/`
			`to /index.php{uri}`
			`}`

			`# client support (e.g. os x calendar / contacts)`
			`redir /.well-known/carddav /remote.php/carddav 301`
			`redir /.well-known/caldav /remote.php/caldav 301`

			`# remove trailing / as it causes errors with php-fpm`
			`rewrite {`
			`r ^/remote.php/(webdav\|caldav\|carddav\|dav)(\/?)(\/?)$`
			`to /remote.php/{1}`
			`}`

			`rewrite {`
			`r ^/remote.php/(webdav\|caldav\|carddav\|dav)/(.+?)(\/?)(\/?)$`
			`to /remote.php/{1}/{2}`
			`}`

			`rewrite {`
			`r ^/public.php/(dav\|webdav\|caldav\|carddav)(\/?)(\/?)$`
			`to /public.php/{1}`
			`}`

			`rewrite {`
			`r ^/public.php/(dav\|webdav\|caldav\|carddav)/(.+)(\/?)(\/?)$`
			`to /public.php/{1}/{2}`
			`}`

			`# .htaccess / data / config / ... shouldn't be accessible from outside`
			`status 404 {`
			`/.htaccess`
			`/data`
			`/config`
			`/db_structure`
			`/.xml`
			`/README`
			`/3rdparty`
			`/lib`
			`/templates`
			`/occ`
			`/console.php`
			`}`

			`}`