Jailman v1.1.0 (#24)
* set branch (+2 squashed commit) Squashed commit: [e322f24] remove placeholder [8647131] palceholder * Code cleanup and (primarily) consolidation (#21) * set branch * Exit 1 on iocage create failure * - Move jailcreate to global function - Remove Jailcreate.sh * Add dataset creation function * - add test script to test new global changes - also create folder in jail with createmount * fix * make test executable * more verbosity, fixing folder creation * moving global dataset create * move jails to new dataset-mount creation function * remove test jail and test branch-ref * Add Nextcloud (#22) * Basic working nextcloud integration * Enable persistent reinstall of Nextcloud * prepare for dev merge * Licence alert * Add external database and integrated jail * small improvements and update script * Add mariadb to dev (#31) * Working MariaDB config * - Set ZFS settings for DB on Nextcloud and MariaDB - Cleanup MariaDB * prepare for dev merge * Niceify Readme (#34) * put content from master into it * Some readme itteration * more niceification * [WIP} Wiki workflow test (#37) introduce automatic wiki generation * Add Bitwarden support (#35) * Nextcloud-Cleanup for v1.1.0 (#40) * Nextcloud cleanup - add db-type sanity check - remove some integrated db checks - Move ssl to /config/ssl - remove integrated databases * slight default tweaking * fix mariadb install bug * QA cycle
This commit is contained in:
Kjeld Schouten-Lebbing
committed by
GitHub
GitHub
parent
b54921f97e
commit
cd5adfd94b
127
jails/nextcloud/includes/Caddyfile
Executable file
127
jails/nextcloud/includes/Caddyfile
Executable file
@ -0,0 +1,127 @@
|
||||
yourhostnamehere JAIL-IP {
|
||||
|
||||
root /usr/local/www/nextcloud
|
||||
log /var/log/nextcloud_access.log
|
||||
errors /var/log/nextcloud_errors.log
|
||||
|
||||
tls {
|
||||
ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
DNS-PLACEHOLDER
|
||||
}
|
||||
|
||||
fastcgi / 127.0.0.1:9000 php {
|
||||
env PATH /bin
|
||||
env modHeadersAvailable true
|
||||
env front_controller_active true
|
||||
connect_timeout 60s
|
||||
read_timeout 3600s
|
||||
send_timeout 300s
|
||||
}
|
||||
|
||||
header / {
|
||||
Strict-Transport-Security "max-age=15768000;"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Robots-Tag "none"
|
||||
X-Download-Options "noopen"
|
||||
X-Permitted-Cross-Domain-Policies "none"
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
Referrer-Policy "no-referrer"
|
||||
}
|
||||
|
||||
header /core/fonts {
|
||||
Cache-Control "max-age=604800"
|
||||
}
|
||||
|
||||
# checks for images
|
||||
rewrite {
|
||||
ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
|
||||
r ^/index.php/.*$
|
||||
to /{1} /index.php?{query}
|
||||
}
|
||||
|
||||
rewrite {
|
||||
r ^/\.well-known/host-meta$
|
||||
to /public.php?service=host-meta&{query}
|
||||
}
|
||||
rewrite {
|
||||
r ^/\.well-known/host-meta\.json$
|
||||
to /public.php?service=host-meta-json&{query}
|
||||
}
|
||||
rewrite {
|
||||
r ^/\.well-known/webfinger$
|
||||
to /public.php?service=webfinger&{query}
|
||||
}
|
||||
|
||||
rewrite {
|
||||
r ^/index.php/.*$
|
||||
to /index.php?{query}
|
||||
}
|
||||
|
||||
rewrite / {
|
||||
if {path} not_starts_with /remote.php
|
||||
if {path} not_starts_with /public.php
|
||||
ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf
|
||||
r ^/(.*)$
|
||||
to /{1} /index.php{uri}
|
||||
}
|
||||
|
||||
rewrite / {
|
||||
if {path} not /core/img/favicon.ico
|
||||
if {path} not /core/img/manifest.json
|
||||
if {path} not_starts_with /remote.php
|
||||
if {path} not_starts_with /public.php
|
||||
if {path} not_starts_with /cron.php
|
||||
if {path} not_starts_with /core/ajax/update.php
|
||||
if {path} not_starts_with /status.php
|
||||
if {path} not_starts_with /ocs/v1.php
|
||||
if {path} not_starts_with /ocs/v2.php
|
||||
if {path} not /robots.txt
|
||||
if {path} not_starts_with /updater/
|
||||
if {path} not_starts_with /ocs-provider/
|
||||
if {path} not_starts_with /ocm-provider/
|
||||
if {path} not_starts_with /.well-known/
|
||||
to /index.php{uri}
|
||||
}
|
||||
|
||||
# client support (e.g. os x calendar / contacts)
|
||||
redir /.well-known/carddav /remote.php/carddav 301
|
||||
redir /.well-known/caldav /remote.php/caldav 301
|
||||
|
||||
# remove trailing / as it causes errors with php-fpm
|
||||
rewrite {
|
||||
r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
|
||||
to /remote.php/{1}
|
||||
}
|
||||
|
||||
rewrite {
|
||||
r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
|
||||
to /remote.php/{1}/{2}
|
||||
}
|
||||
|
||||
rewrite {
|
||||
r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
|
||||
to /public.php/{1}
|
||||
}
|
||||
|
||||
rewrite {
|
||||
r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
|
||||
to /public.php/{1}/{2}
|
||||
}
|
||||
|
||||
# .htaccess / data / config / ... shouldn't be accessible from outside
|
||||
status 404 {
|
||||
/.htaccess
|
||||
/data
|
||||
/config
|
||||
/db_structure
|
||||
/.xml
|
||||
/README
|
||||
/3rdparty
|
||||
/lib
|
||||
/templates
|
||||
/occ
|
||||
/console.php
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user