diff --git a/templates/Nextcloud/Resources/fastcgi.conf b/templates/Nextcloud/Resources/fastcgi.conf deleted file mode 100644 index c2f509a..0000000 --- a/templates/Nextcloud/Resources/fastcgi.conf +++ /dev/null @@ -1,21 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -fastcgi_index index.php; - -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/Resources/fastcgi_params b/templates/Nextcloud/Resources/fastcgi_params new file mode 100644 index 0000000..14e5ac6 --- /dev/null +++ b/templates/Nextcloud/Resources/fastcgi_params @@ -0,0 +1,27 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param PATH_INFO $fastcgi_path_info; +fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_param HTTPS $https; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/templates/Nextcloud/Resources/nginx.conf b/templates/Nextcloud/Resources/nginx.conf index 861d6e6..82ddf1c 100644 --- a/templates/Nextcloud/Resources/nginx.conf +++ b/templates/Nextcloud/Resources/nginx.conf @@ -27,7 +27,7 @@ http { fastcgi_hide_header X-Powered-By; # Path to the root of your installation - root /var/www/nextcloud/; + root /var/www/html/; location = /robots.txt { allow all; @@ -71,17 +71,24 @@ http { location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } -############################################################################################################################### Suspected current issue location location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - include fastcgi.conf; + + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + + fastcgi_pass php-handler; + fastcgi_index index.php; + + # include the fastcgi_param setting + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; - # fastcgi_param HTTPS on; + # fastcgi_param HTTPS on; # Handled through Traefik #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; - fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; }