user www; ### Change the number of workers to the same number of cores your server has worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 512; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # GENERAL ignore_invalid_headers on; sendfile on; server_name_in_redirect off; server_tokens off; #SSL ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; ssl_prefer_server_ciphers on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; # TCP tcp_nodelay off; tcp_nopush on; # Timeouts client_body_timeout 65; client_header_timeout 65; keepalive_timeout 65 65; send_timeout 65; # Compression gzip on; gzip_buffers 256 8k; gzip_comp_level 9; gzip_http_version 1.0; gzip_min_length 0; gzip_types text/css text/javascript text/mathml text/plain text/xml application/x-javascript application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml; gzip_vary on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; # Redirects HTTP to HTTPS server { listen 80; ### Change the following two lines to match your website name server_name srv6.domain.com www.srv6.domain.com; root /usr/local/www/pydio; index index.php; # return 301 https://srv6.domain.com$request_uri; # Prevent Clickjacking add_header X-Frame-Options "SAMEORIGIN"; } # PYDIO (ssl/tls) server { listen 443 ssl; ### Change the following line to match your website name server_name srv6.domain.com www.srv6.domain.com; root /usr/local/www/pydio; index index.php; ### If you changed the maximum upload size in PHP.ini, also change it below client_max_body_size 5120M; rewrite ^/dashboard|^/settings|^/welcome|^/ws- /index.php last; if ( !-e $request_filename ) { # WebDAV Rewrites rewrite ^/shares /dav.php last; # Sync client rewrite ^/api /rest.php last; # External users rewrite ^/user ./index.php?get_action=user_access_point last; # Public shares rewrite ^/data/public/([a-zA-Z0-9_-]+)\.php$ /data/public/share.php?hash=$1?; } rewrite ^/data/public/([a-zA-Z0-9_-]+)--([a-z]+)$ /data/public/share.php?hash=$1&lang=$2?; rewrite ^/data/public/([a-zA-Z0-9_-]+)$ /data/public/share.php?hash=$1?; # Prevent Clickjacking add_header X-Frame-Options "SAMEORIGIN"; # SSL Settings ### If you are using different names for your SSL certificate and key, change them below: # ssl_certificate /usr/local/etc/letsencrypt/live/srv6.domain.com/fullchain.pem; # ssl_certificate_key /usr/local/etc/letsencrypt/live/srv6.domain.com/privkey.pem; add_header Strict-Transport-Security "max-age=16070400; includeSubdomains"; # Set the custom error pages error_page 404 = /data/public/404.html; error_page 403 = /data/public/404.html; # Logs error_log /var/log/pydio.nginx.error.log; ### Uncomment the line below if you don't want nginx logging access to the server. #access_log off; # Remove direct access to the following folders & files location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) { deny all; } location ~* /data/public/.*.(ser|htaccess)$ { deny all; } # Stops the annoying error messages in the logs location ~* ^/(favicon.ico|robots.txt) { log_not_found off; } # WebDAV Rewrites location /shares { if (!-f $request_filename) { rewrite ^/shares /dav.php last; break; } if (!-d $request_filename) { rewrite ^/shares /dav.php last; break; } } # Enables PHP location ~ \.php$ { fastcgi_pass unix:/var/run/phph-fpm.socket; try_files $uri =404; fastcgi_param HTTPS on; include fastcgi_params; } # Enables Caching location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { expires 7d; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } } }