jailman move

jailman/blueprints/nextcloud/includes/Caddyfile-selfsigned

@@ -0,0 +1,128 @@
+http://yourhostnamehere http://JAIL-IP {
+	redir https://yourhostnamehere{uri}
+}
+
+https://yourhostnamehere https://JAIL-IP {
+
+	root   /usr/local/www/nextcloud
+	log    /var/log/nextcloud_access.log
+	errors /var/log/nextcloud_errors.log
+
+	tls /config/ssl/fullchain.pem /config/ssl/privkey.pem
+
+	fastcgi / 127.0.0.1:9000 php {
+		env PATH /bin
+		env modHeadersAvailable true
+		env front_controller_active true
+		connect_timeout 60s
+		read_timeout 3600s
+		send_timeout 300s
+	}
+
+	header / {
+		Strict-Transport-Security		"max-age=15768000;"
+		X-Content-Type-Options			"nosniff"
+		X-XSS-Protection			"1; mode=block"
+		X-Robots-Tag				"none"
+		X-Download-Options			"noopen"
+		X-Permitted-Cross-Domain-Policies	"none"
+		X-Frame-Options "SAMEORIGIN"
+		Referrer-Policy				"no-referrer"
+	}
+
+	header /core/fonts {
+		Cache-Control				"max-age=604800"
+	}
+
+	# checks for images
+	rewrite {
+		ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
+		r ^/index.php/.*$
+		to /{1} /index.php?{query}
+	}
+	
+	rewrite {
+                r ^/\.well-known/host-meta$
+                to /public.php?service=host-meta&{query}
+        }
+	rewrite {
+                r ^/\.well-known/host-meta\.json$
+                to /public.php?service=host-meta-json&{query}
+        }
+	rewrite {
+                r ^/\.well-known/webfinger$
+                to /public.php?service=webfinger&{query}
+        }
+
+	rewrite {
+		r ^/index.php/.*$
+		to /index.php?{query}
+	}
+
+	rewrite / {
+		if {path} not_starts_with /remote.php
+		if {path} not_starts_with /public.php
+		ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf 
+		r ^/(.*)$
+		to /{1} /index.php{uri}
+	}
+
+	rewrite / {
+		if {path} not /core/img/favicon.ico
+		if {path} not /core/img/manifest.json
+		if {path} not_starts_with /remote.php
+		if {path} not_starts_with /public.php
+		if {path} not_starts_with /cron.php
+		if {path} not_starts_with /core/ajax/update.php
+		if {path} not_starts_with /status.php
+		if {path} not_starts_with /ocs/v1.php
+		if {path} not_starts_with /ocs/v2.php
+		if {path} not /robots.txt
+		if {path} not_starts_with /updater/
+		if {path} not_starts_with /ocs-provider/
+		if {path} not_starts_with /ocm-provider/ 
+		if {path} not_starts_with /.well-known/
+		to /index.php{uri}
+	}
+
+	# client support (e.g. os x calendar / contacts)
+	redir /.well-known/carddav /remote.php/carddav 301
+	redir /.well-known/caldav /remote.php/caldav 301
+
+	# remove trailing / as it causes errors with php-fpm
+	rewrite {
+		r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
+		to /remote.php/{1}
+	}
+
+	rewrite {
+		r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
+		to /remote.php/{1}/{2}
+	}
+
+	rewrite {
+		r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
+		to /public.php/{1}
+	}
+
+	rewrite {
+		r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
+		to /public.php/{1}/{2}
+	}
+
+	# .htaccess / data / config / ... shouldn't be accessible from outside
+	status 404 {
+		/.htaccess
+		/data
+		/config
+		/db_structure
+		/.xml
+		/README
+		/3rdparty
+		/lib
+		/templates
+		/occ
+		/console.php
+	}
+
+}