dbfbd489fa
* Multi-install support, Blueprints and config changes. Initial commit * Migrating jails to blueprints, first steps. Tested Working: - Transmission - Lidarr - Sonarr - Radarr fix lidarr config (+10 squashed commit) Squashed commit: [5f14653] always link ports folders [f18f2f0] Optional (blueprint) ports mount Fixes #89 [96ef7e7] chmod all the things [129e707] same mistake... again... [e1596dc] missing reference [6da3567] Forgot one reference [d78b5b6] Update wiki.yml [cecc53a] Update filecheck.yml [5244abd] basic settings changed. More involved blueprints still need changes, such as: Bitwarden, nextcloud, Mariadb [6568e92] jails -> blueprints * Added Tested Working: - KMS - Plex - Tautulli - Organizr - InfluxDB - MariaDB Many squashed small fixes included: Make *.rc executable (+13 squashed commit) Squashed commit: [b28aa83] use .rc for rc.d config files [e940a48] some mariadb cleanup [dc27aff] testing another way [83bd91b] Mariadb root password alter instead of update, initial config for unifi [0ca3074] some light config cleanup [a0d4352] also remove database from influxdb example config (db should be created when required) [2c218cc] Prepare influxdb and remove unneeded content [1b34109] more shellcheck fixups [c96566c] Some shellcheck cleanup [8969ca7] bitwarden mostly done, some work on nextcloud and unifi [7f89bfa] initial mariadb patch [dd7e85f] missed one problem [f814cb7] Initial pseudo-compatibility patch for unifi * Enable Bitwarden support and some small fixes/tweaks Fixes #95 more bugs and typo's (+3 squashed commit) Squashed commit: [3b5213e] Bitwarden not correctly installing db [b7438a5] yeah thats not gonna cut it... >.< [e7987c2] some slight bitwarden tweaks * Enable Unifi support and some small fixes/tweaks small unifi cleanup. Unifi is working (+3 squashed commit) Squashed commit: [d906d2d] chmod unifi [545e999] Add extra sanity, remove unneeded variables from example [b8c0b24] Some small Unifi Tweaks * Nextcloud Cleanup, Some fixes, Initial support for blueprintsystem Fixes #96 Fixes #97 Fixes #98 some bloat and syntax fixes (+5 squashed commit) Squashed commit: [78f6428] Some more nextcloud cleanup and tweaks - combines multiple variables for cert system selection (Fixes #98 ) - Default to self signed cert - Force manual admin password [7cacae4] slight fixes [3d81cda] More cleanup [50496cc] small mariadb fix and more nextcloud cleanup [c1b2c20] Cleaning nextcloud - Remove external DB (Fixes #97 ) - Remove Postgresql (Fixes #96 ) - Some preparation for blueprint * Nextcloud done and.. another... (+5 squashed commit) Squashed commit: [c65751b] caddy not installed right. [e5da66b] more fixes [a33300e] Damnit, two typo's same scentence [4292a7a] another typo [1b820cf] typo and example hotfix * Introduce version checking for config file
123 lines
2.8 KiB
Caddyfile
123 lines
2.8 KiB
Caddyfile
yourhostnamehere:80 JAIL-IP:80 {
|
|
|
|
root /usr/local/www/nextcloud
|
|
log /var/log/nextcloud_access.log
|
|
errors /var/log/nextcloud_errors.log
|
|
|
|
fastcgi / 127.0.0.1:9000 php {
|
|
env PATH /bin
|
|
env modHeadersAvailable true
|
|
env front_controller_active true
|
|
connect_timeout 60s
|
|
read_timeout 3600s
|
|
send_timeout 300s
|
|
}
|
|
|
|
header / {
|
|
Strict-Transport-Security "max-age=15768000;"
|
|
X-Content-Type-Options "nosniff"
|
|
X-XSS-Protection "1; mode=block"
|
|
X-Robots-Tag "none"
|
|
X-Download-Options "noopen"
|
|
X-Permitted-Cross-Domain-Policies "none"
|
|
X-Frame-Options "SAMEORIGIN"
|
|
Referrer-Policy "no-referrer"
|
|
}
|
|
|
|
header /core/fonts {
|
|
Cache-Control "max-age=604800"
|
|
}
|
|
|
|
# checks for images
|
|
rewrite {
|
|
ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
|
|
r ^/index.php/.*$
|
|
to /{1} /index.php?{query}
|
|
}
|
|
|
|
rewrite {
|
|
r ^/\.well-known/host-meta$
|
|
to /public.php?service=host-meta&{query}
|
|
}
|
|
rewrite {
|
|
r ^/\.well-known/host-meta\.json$
|
|
to /public.php?service=host-meta-json&{query}
|
|
}
|
|
rewrite {
|
|
r ^/\.well-known/webfinger$
|
|
to /public.php?service=webfinger&{query}
|
|
}
|
|
|
|
rewrite {
|
|
r ^/index.php/.*$
|
|
to /index.php?{query}
|
|
}
|
|
|
|
rewrite / {
|
|
if {path} not_starts_with /remote.php
|
|
if {path} not_starts_with /public.php
|
|
ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf
|
|
r ^/(.*)$
|
|
to /{1} /index.php{uri}
|
|
}
|
|
|
|
rewrite / {
|
|
if {path} not /core/img/favicon.ico
|
|
if {path} not /core/img/manifest.json
|
|
if {path} not_starts_with /remote.php
|
|
if {path} not_starts_with /public.php
|
|
if {path} not_starts_with /cron.php
|
|
if {path} not_starts_with /core/ajax/update.php
|
|
if {path} not_starts_with /status.php
|
|
if {path} not_starts_with /ocs/v1.php
|
|
if {path} not_starts_with /ocs/v2.php
|
|
if {path} not /robots.txt
|
|
if {path} not_starts_with /updater/
|
|
if {path} not_starts_with /ocs-provider/
|
|
if {path} not_starts_with /ocm-provider/
|
|
if {path} not_starts_with /.well-known/
|
|
to /index.php{uri}
|
|
}
|
|
|
|
# client support (e.g. os x calendar / contacts)
|
|
redir /.well-known/carddav /remote.php/carddav 301
|
|
redir /.well-known/caldav /remote.php/caldav 301
|
|
|
|
# remove trailing / as it causes errors with php-fpm
|
|
rewrite {
|
|
r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
|
|
to /remote.php/{1}
|
|
}
|
|
|
|
rewrite {
|
|
r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
|
|
to /remote.php/{1}/{2}
|
|
}
|
|
|
|
rewrite {
|
|
r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
|
|
to /public.php/{1}
|
|
}
|
|
|
|
rewrite {
|
|
r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
|
|
to /public.php/{1}/{2}
|
|
}
|
|
|
|
# .htaccess / data / config / ... shouldn't be accessible from outside
|
|
status 404 {
|
|
/.htaccess
|
|
/data
|
|
/config
|
|
/db_structure
|
|
/.xml
|
|
/README
|
|
/3rdparty
|
|
/lib
|
|
/templates
|
|
/occ
|
|
/console.php
|
|
}
|
|
|
|
}
|