NextCloud

#370
Nerd Club Member

Questions about nextcloud setup

Hello, thanks for the response. Since I posted this I have made considerable progress with my Linode VM. I have installed Nextcloud with both Only Office and CollaboraOnline. The whole process was affected with gotchas and land mines, one had to be very careful. But it all works. Thanks for your videos as they were very helpful in getting everything cleaned up.
I was able to install all applications with Nginx and I did not use Docker at all. The installation for CollaboraOnline was not any worse than with the native binaries rather than Docker and I would recommend doing it that way because we can then discover in code where we can eliminate the use restrictions for CODE. Also I think it is nice to be in all Nginx to make the configuration more consistent across the board unless I am missing better functionality in Apache.
I would appreciate your review of my config files as I am not sure that they are optimal. What I ended up with perhaps was a consequence of the order in which I installed things and the order in which I found fixes or workarounds.
The config files are attached and below is a summary of what I did.
On a separate hosting service I have a WordPress site with the domain name, URL of the form www.[DomainName].org. On a Linode VM I installed, in order (all using nginx):
Mattermost: mattermost.[DomainName].org
php7.3-fpm of course
Nextcloud: nextcloud.[DomainName].org
OnlyOffice(Document Server): onlyoffice.[DomainName].org
CollaboraOnline(CODE): collaboraonline.[DomainName].org
PhpMyAdmin: phpmyadmin.[DomainName].org
The config files that I remember editing are (attached):
/etc/nginx/nginx.conf
/etc/nginx/sites-available/nextcloud
/etc/onlyoffice/documentserver/nginx/ds.conf
/etc/nginx/sites-available/onlyoffice
/etc/nginx/sites-available/collaboraonline
/etc/nginx/sites-available/phpmyadmin
I also attached /etc/nginx/sites-available/default but I never used it (not symbolically linked to sites-enabled).
All the files other than default were originally symbolically linked to sites-enabled. However, I found that the mattermost was always preempting onlyoffice and collaboraonline, so I moved those latter 2 into the mattermost config file as shown to get things to work. I also removed the symbolic links for the latter 2. Mattermost, OnlyOffice and CollaboraOnline configuration worked differently perhaps because they mapped to services listening on designated ports whereas Nextcloud and PhpMyAdmin link to web sites under /var/www.
Anyway I would appreciate your review of these files: can they be optimized and do they make sense?
The next thing I would like to tackle is creating a TURN server so that Nextcloud Talk video and audio work across all proxies and firewalls. Do you know of a good video or tutorial on how to do this?
I didn’t see any place to attach files so I will put the text in the next reply.

#371
Nerd Club Member
Corrected order of files:

/etc/nginx/nginx.conf
/etc/nginx/sites-available/mattermost
/etc/nginx/sites-available/nextcloud
/etc/onlyoffice/documentserver/nginx/ds.conf
/etc/nginx/sites-available/onlyoffice
/etc/nginx/sites-available/collaboraonline
/etc/nginx/sites-available/phpmyadmin
I also attached /etc/nginx/sites-available/default but I never used it (not symbolically linked to sites-enabled).



/etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # upload_max_filesize 512;
    client_max_body_size 512m;
    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#    # See sample authentication script at:
#    # Using a PHP Script on an Apache Server as the IMAP Auth Backend | NGINX
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
#
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}

/etc/nginx/sites-available/mattermost:

upstream backend {
   server [IpAddress]:8065;
   keepalive 32;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

#server {
#   listen 80;
#   listen [::]:80;
#   server_name collaboraonline.[DomainName].org;
#location / {
#proxy_pass http://127.0.0.1:9980;
#}
#   # return 301 https://$server_name$request_uri;
#}
server {
   listen 443 ssl;# http2;
   server_name collaboraonline.[DomainName].org;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/collaboraonline.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/collaboraonline.[DomainName].org/privkey.pem;
  ssl_verify_client off;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1099 shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  add_header X-Content-Type-Options nosniff;
  # OCSP Stapling —
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  #static files
  location ^~ /loleaflet {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }

  #location / {
  #  proxy_pass http://127.0.0.1:9980;
  #  proxy_set_header Host $http_host;
 # }


  # WOPI discovery URL
  location ^~ /hosting/discovery {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }
  # Capabilities
  location ^~ /hosting/capabilities {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
  }

  # Main websocket
  location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }

  # Download, presentation and image upload
  location ~ ^/lool {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }

  # Admin Console websocket
  location ^~ /lool/adminws {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }

}

#server {
#listen 80;
#server_name onlyoffice.[DomainName].org;
#location / {
#proxy_pass http://127.0.0.1:81;
#}
#}

#server {
#   listen 80;# default_server;
#   server_name mattermost.[DomainName].org ;
#  return 301 https://$server_name$request_uri;
#}

#server {
#listen 80;
#server_name onlyoffice.[DomainName].org;
#location / {
#proxy_pass http://127.0.0.1:81;
#}
#}
server {
   listen 443 ssl http2;
   server_name onlyoffice.[DomainName].org;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/onlyoffice.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/onlyoffice.[DomainName].org/privkey.pem;
  ssl_verify_client off;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1099 shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  add_header X-Content-Type-Options nosniff;
  # OCSP Stapling —
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       #proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://127.0.0.1:81;
   }
}

server {
   listen 80;# default_server;
   server_name mattermost.[DomainName].org ;
   return 301 https://$server_name$request_uri;
}

server {
   listen 443 ssl http2;
   server_name    mattermost.[DomainName].org;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/mattermost.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mattermost.[DomainName].org/privkey.pem;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  # OCSP Stapling —
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

   location ~ /api/v[0-9]+/(users/)?websocket$ {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 90;
       proxy_send_timeout 300;
       proxy_read_timeout 90s;
       proxy_pass http://backend;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache mattermost_cache;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://backend;
   }
}

 

#372
Nerd Club Member

/etc/nginx/sites-available/nextcloud:

    upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/run/php/php7.3-fpm.sock;
    }

    server {
        listen 80;
        server_name nextcloud.[DomainName].org;
        root /var/www/nextcloud;
        index index.htm index.html;

        location / {
            try_files $uri $uri/ =404;
        }
    }

    server {
    listen 443 ssl;
    server_name nextcloud.[DomainName].org;

    ssl_certificate /etc/letsencrypt/live/nextcloud.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.[DomainName].org/privkey.pem;

    # Path to the root of your installation
    root /var/www/nextcloud/;
    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
    }

    location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
    }

    location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
    }

    # Optional: Don't log access to other assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
    }
    }

/etc/onlyoffice/documentserver/nginx/ds.conf:

include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:81;
  listen [::]:81 default_server;
  server_name _;
  server_tokens off;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:81;
  listen [::1]:81;
  server_name localhost;
  server_tokens off;

  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ssl default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## Strong SSL Security on nginx - Raymii.org
  ssl on;
  ssl_certificate /etc/letsencrypt/live/onlyoffice.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/onlyoffice.[DomainName].org/privkey.pem;
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:50m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - SSL OCSP stapling won't enable - NGINX - Ruby-Forum
  ## - How To Configure OCSP Stapling on Apache and Nginx | DigitalOcean
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  include /etc/nginx/includes/ds-*.conf;

}

/etc/nginx/sites-available/onlyoffice:

upstream backend2 {
   server [IpAddress]:81;
   keepalive 32;
}

#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;


server {
   listen 80;
   listen [::]:80;
   server_name onlyoffice.[DomainName].org;
location / {
proxy_pass http://127.0.0.1:81;
}
   # return 301 https://$server_name$request_uri;
}
server {
   listen 443 ssl http2;
   server_name    onlyoffice.[DomainName].org;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/onlyoffice.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/onlyoffice.[DomainName].org/privkey.pem;
  ssl_verify_client off;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1099 shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  add_header X-Content-Type-Options nosniff;
  # OCSP Stapling —
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;
  location / {
    proxy_pass http://127.0.0.1:8443;
}
}

/etc/nginx/sites-available/collaboraonline:

upstream backend3 {
   server [IpAddress]:9980;
   keepalive 32;
}

#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;


#server {
#   listen 80;
#   listen [::]:80;
#   server_name collaboraonline.[DomainName].org;
#location / {
#proxy_pass http://127.0.0.1:9980;
#}
#   # return 301 https://$server_name$request_uri;
#}
server {
   listen 443 ssl;# http2;
   server_name    collaboraonline.[DomainName].org;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/collaboraonline.[DomainName].org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/collaboraonline.[DomainName].org/privkey.pem;
  ssl_verify_client off;
  ssl_session_timeout 1d;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1099 shared:SSL:50m;
  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;
  add_header X-Content-Type-Options nosniff;
  # OCSP Stapling —
  # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  #static files
  location ^~ /loleaflet {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }

  # WOPI discovery URL
  location ^~ /hosting/discovery {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }
  # Capabilities
  location ^~ /hosting/capabilities {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
  }

  # Main websocket
  location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }

  # Download, presentation and image upload
  location ~ ^/lool {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Host $http_host;
  }

  # Admin Console websocket
  location ^~ /lool/adminws {
    proxy_pass http://127.0.0.1:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }

}

/etc/nginx/sites-available/phpmyadmin:

server {
   listen 443;
   ssl on;
   ssl_certificate /etc/letsencrypt/live/phpmyadmin.[DomainName].org/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.[DomainName].org/privkey.pem;
   server_name phpmyadmin.[DomainName].org;
   root /var/www/phpmyadmin/;

   index index.php index.html index.htm index.nginx-debian.html; #

   location / {
      index index.php;
   }

## Images and static content is treated different
   location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
      #access_log off;
      expires max;#30d;
      log_not_found off;
   }

   #location ~ /\.ht {
      #deny all;
   #}

   #location ~ /(libraries|setup/frames|setup/libs) {
   #   deny all;
   #   return 404;
   #}

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; #127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_split_path_info ^(.+\.php)(.*)$;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;#/var/www/phpmyadmin$fastcgi_script_name;
   }
}

/etc/nginx/sites-available/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# Getting Started | NGINX
# Pitfalls and Common Mistakes | NGINX
# Nginx/DirectoryStructure - Debian Wiki
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: #773332 - Default nginx.conf leaves sites vulnerable to BREACH - Debian Bug report logs
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: #765782 - nginx: The sample TLS config should recommend a better cipher list - Debian Bug report logs
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #    include snippets/fastcgi-php.conf;
    #
    #    # With php-fpm (or other unix sockets):
    #    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    #    # With php-cgi (or other tcp sockets):
    #    fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}
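A check for two things in the files above, server blocks competing for the same port and name (the "preempting" described in post #370) and legacy TLS settings, as an added example that is not part of the original posts. The sample input is constructed from the posted files with example.org standing in for [DomainName].org, as if both files were enabled at once; the parser is deliberately simple (it groups by port only, assumes files load in sorted name order, and does not handle braces inside regex locations).

```python
import re

# Constructed sample: condensed from the posted files, with example.org
# standing in for the redacted [DomainName].org. Both files enabled at once.
SAMPLE = {
    "collaboraonline": """
        server {
            listen 443 ssl;
            server_name collaboraonline.example.org;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
            location ^~ /loleaflet { proxy_pass http://127.0.0.1:9980; }
        }""",
    "mattermost": """
        server {
            listen 443 ssl;# http2;
            server_name collaboraonline.example.org;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
        }
        server {
            listen 443 ssl http2;
            server_name mattermost.example.org;
            ssl_protocols TLSv1.2;
        }""",
}

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def server_blocks(text):
    """Yield the body of every `server { ... }` block (comments removed)."""
    text = re.sub(r"#.*", "", text)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def directives(body, name):
    """Return the argument strings of each `name ...;` directive in body."""
    return [v.strip() for v in re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)]


def audit(files):
    """files maps file name -> text; returns (findings, default server per port)."""
    findings, seen, default = [], {}, {}
    for fname in sorted(files):  # assumption: include order == sorted file names
        for body in server_blocks(files[fname]):
            names = " ".join(directives(body, "server_name")).split() or ["(none)"]
            for listen in directives(body, "listen"):
                params = listen.split()
                port = params[0].rsplit(":", 1)[-1]  # simplification: port only
                for name in names:
                    if (port, name) in seen:
                        findings.append(f"duplicate: {name} on port {port} in {fname} "
                                        f"is ignored, {seen[port, name]} wins")
                    else:
                        seen[port, name] = fname
                # Requests whose Host matches no server_name go to this block.
                if "default_server" in params or port not in default:
                    default[port] = (fname, names[0])
            protocols = set(" ".join(directives(body, "ssl_protocols")).split())
            if protocols & WEAK_PROTOCOLS:
                findings.append(f"weak-protocols: {names[0]} in {fname} enables "
                                + ", ".join(sorted(protocols & WEAK_PROTOCOLS)))
            for ciphers in directives(body, "ssl_ciphers"):
                if ciphers.strip("\"'").upper().startswith("ALL"):
                    findings.append(f"broad-ciphers: {names[0]} in {fname} starts from ALL")
    return findings, default


if __name__ == "__main__":
    found, defaults = audit(SAMPLE)
    print("\n".join(found))
    for port, (fname, name) in sorted(defaults.items()):
        print(f"default for port {port}: {name} ({fname})")
```

To run it against a live host, build the dictionary from the files under /etc/nginx/sites-enabled instead of SAMPLE, and compare the result with what `nginx -t` reports.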

#373
NOTS Staff
Hi dworthem,

Thank you so much for joining the Nerd Club! I appreciate it a lot. I'm glad my videos were helpful to you.

Looking through your NGINX files, I don't see anything jumping out at me as being "wrong" or "not optimal" (keeping in mind that I look at Apache configuration more often than NGINX configuration.) The most important thing for a configuration file to do is to set the configuration how you need it, so if this configuration's working, it sounds like you've done everything right.

I haven't created a TURN server before, and I don't have much experience with Nextcloud Talk yet – I've primarily used RocketChat combined with Jitsi for chatting over the last couple of years. However, NOTS does have an internal Nextcloud server again as of a few weeks ago, and as great as Jitsi is, it does have quality issues from time to time, so I'll probably be checking Nextcloud Talk out sooner or later.