Skip to content

Month: February 2016

OwnCloud 8.2 configuration for Nginx subdirectory

I installed the latest OwnCloud 8.2 under the subdirectory on https://crossrt.me, so I can share the SSL certificate to protect my files during transfer between remote and client. I search the Nginx configuration for my circumstance, but not luck since no one is working. So I decide to modify the config file from administration manual, here is the link to it.

My circumstance:

  • Want to install OwnCloud 8.2
  • WordPress installed on the domain.
  • Share SSL certificate.

Here is my nginx config file, modify it according to your need:

PASTEBIN


server {
	listen 443 default_server;
	ssl on;
	ssl_certificate /PATH/TO/YOUR/SSL.crt;
	ssl_certificate_key /PATH/TO/YOUR/SSL.key;

	server_name domainname.com;
	root /PATH/TO/YOUR/domainname.com;
	index index.php index.html index.htm;

	location / {
		try_files $uri $uri/ /index.php?q=$uri&$args;
	}

	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}

	# deny access to .htaccess files, if Apache's document root concurs with nginx's one
	location ~ /\.ht {
		deny all;
	}

	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
		root /usr/share/nginx/html;
	}

	# Add headers to serve security related headers
	# add Strict-Transport-Security to prevent man in the middle attacks
	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;

	location /owncloud {

		client_max_body_size 2G; # set max upload size
		fastcgi_buffers 64 4K;

		error_page 403 /owncloud/core/templates/403.php;
		error_page 404 /owncloud/core/templates/404.php;

		rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ permanent;
		rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ permanent;

		# The following 2 rules are only needed for the user_webfinger app.
		# Uncomment it if you're planning to use this app.
		#rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
		#rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;

		location = /owncloud/robots.txt {
			allow all;
			log_not_found off;
			access_log off;
		}

		location ~ ^/owncloud/(build|tests|config|lib|3rdparty|templates|data)/ {
			deny all;
		}

		location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
			deny all;
		}

		rewrite ^/owncloud/remote/(.*) /remote.php last;
		rewrite ^/owncloud(/core/doc/[^\/]+/)$ $1/index.html;
		try_files $uri $uri/ =404;

		location ~ \.php(?:$|/) {
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param HTTPS on;
			fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
			fastcgi_pass unix:/run/php/php7.0-fpm.sock;
			fastcgi_intercept_errors on;
		}

		# Adding the cache control header for js and css files
		# Make sure it is BELOW the location ~ \.php(?:$|/) { block
		location ~* \.(?:css|js)$ {
			add_header Cache-Control "public, max-age=7200";
			# Add headers to serve security related headers
			add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
			add_header X-Content-Type-Options nosniff;
			add_header X-Frame-Options "SAMEORIGIN";
			add_header X-XSS-Protection "1; mode=block";
			add_header X-Robots-Tag none;
			# Optional: Don't log access to assets
			access_log off;
		}

		# Optional: Don't log access to other assets
		location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
			access_log off;
		}
	}
}


So basically I just modify the rewrite rules in the config file from its official document. Again, remember to refer OwnCloud official document, it’s always helped.

 

Leave a Comment