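# Configuration files quoted from a forum post by dworthem in the topic
# "NextCloud" (post 372). [DomainName] and [IpAddress] are placeholders, kept
# exactly as they appear in the post. Lines marked NOTE(review) are reviewer
# remarks on the posted configuration.

# ===== /etc/nginx/sites-available/nextcloud =====

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/run/php/php7.3-fpm.sock;
}

# Plain-HTTP host. The posted version used `root /var/www/nextcloud;` with
# `try_files $uri $uri/ =404;` here. This server block has no PHP handler and
# none of the deny rules of the HTTPS host, so files under the Nextcloud tree
# (config/, data/, PHP source) would be returned as static files over
# unencrypted HTTP. Redirect to HTTPS instead.
server {
    listen 80;
    server_name nextcloud.[DomainName].org;

    # Still answer ACME HTTP-01 challenges in case the Let's Encrypt
    # certificate is renewed with the webroot method.
    # NOTE(review): assumes the webroot is /var/www/nextcloud; confirm how certbot is run.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/nextcloud;
        try_files $uri =404;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name nextcloud.[DomainName].org;

    ssl_certificate /etc/letsencrypt/live/nextcloud.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.[DomainName].org/privkey.pem;

    # Security headers for every response from this server. The PHP location
    # below passes modHeadersAvailable=true, which tells Nextcloud that the web
    # server sends these headers itself; in the posted file they were set only
    # on the css/js location, so PHP responses went out without them.
    # A location that declares its own add_header does not inherit this set,
    # which is why the css/js location repeats it.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud/;
    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Internal directories and tooling must never be served directly.
    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location / {

        rewrite ^/remote/(.*) /remote.php last;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ =404;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    location ~* \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    # Optional: Don't log access to other assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
        access_log off;
    }
}

# ===== /etc/onlyoffice/documentserver/nginx/ds.conf =====

include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
    listen 0.0.0.0:81;
    listen [::]:81 default_server;
    server_name _;
    server_tokens off;

    ## Redirects all traffic to the HTTPS host
    root /nowhere; ## root doesn't have to be a valid path since we are redirecting
    rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
    listen 127.0.0.1:81;
    listen [::1]:81;
    server_name localhost;
    server_tokens off;

    include /etc/nginx/includes/ds-common.conf;
    include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ssl default_server;
    server_tokens off;
    root /usr/share/nginx/html;

    ## Strong SSL Security
    ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    # `ssl on;` was dropped: the `ssl` flag on both listen lines already enables
    # TLS, and the standalone directive is deprecated since nginx 1.15.0 and
    # removed in 1.25.1.
    ssl_certificate /etc/letsencrypt/live/onlyoffice.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/onlyoffice.[DomainName].org/privkey.pem;
    ssl_verify_client off;

    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from the
    # posted list; add TLSv1.3 if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_session_cache builtin:1000 shared:SSL:50m;

    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security max-age=31536000;
    # add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
    ## Replace with your ssl_trusted_certificate. For more info see:
    ## - https://medium.com/devops-programming/4445f4862461
    ## - https://www.ruby-forum.com/topic/4419319
    ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
    # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
    # resolver_timeout 10s;

    ## [Optional] Generate a stronger DHE parameter:
    ## cd /etc/ssl/certs
    ## sudo openssl dhparam -out dhparam.pem 4096
    ##
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

    include /etc/nginx/includes/ds-*.conf;

}

# ===== /etc/nginx/sites-available/onlyoffice =====

# NOTE(review): no proxy_pass in the posted files refers to this upstream.
upstream backend2 {
    server [IpAddress]:81;
    keepalive 32;
}

#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;


# NOTE(review): this host forwards unencrypted requests to 127.0.0.1:81, which
# ds.conf declares as the "HTTP host for internal services". Unless plain HTTP
# is needed on purpose, enable the commented redirect below instead.
server {
    listen 80;
    listen [::]:80;
    server_name onlyoffice.[DomainName].org;
    location / {
        proxy_pass http://127.0.0.1:81;
    }
    # return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name onlyoffice.[DomainName].org;

    # `ssl on;` was dropped: `listen 443 ssl` already enables TLS.
    ssl_certificate /etc/letsencrypt/live/onlyoffice.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/onlyoffice.[DomainName].org/privkey.pem;
    ssl_verify_client off;
    ssl_session_timeout 1d;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from the
    # posted list; add TLSv1.3 if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1099 shared:SSL:50m;
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Content-Type-Options nosniff;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    # NOTE(review): no `resolver` or `ssl_trusted_certificate` is set in the
    # posted file; the nginx documentation asks for both when
    # ssl_stapling_verify is on. Check the error log for stapling warnings.
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): none of the posted files shows a listener on port 8443;
    # confirm which service is expected to answer there.
    location / {
        proxy_pass http://127.0.0.1:8443;
    }
}

# ===== /etc/nginx/sites-available/collaboraonline =====

# NOTE(review): no proxy_pass in the posted files refers to this upstream.
upstream backend3 {
    server [IpAddress]:9980;
    keepalive 32;
}

#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;


#server {
#    listen 80;
#    listen [::]:80;
#    server_name collaboraonline.[DomainName].org;
#location / {
#proxy_pass http://127.0.0.1:9980;
#}
#    # return 301 https://$server_name$request_uri;
#}
server {
    listen 443 ssl;# http2;
    server_name collaboraonline.[DomainName].org;

    # `ssl on;` was dropped: `listen 443 ssl` already enables TLS.
    ssl_certificate /etc/letsencrypt/live/collaboraonline.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/collaboraonline.[DomainName].org/privkey.pem;
    ssl_verify_client off;
    ssl_session_timeout 1d;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from the
    # posted list; add TLSv1.3 if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # The posted value was "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", which still
    # admits legacy suites (CBC-mode, static-RSA key exchange, 3DES where the
    # library offers it). Use the same AEAD/forward-secret list as the
    # onlyoffice hosts above.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1099 shared:SSL:50m;
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    add_header X-Content-Type-Options nosniff;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    # NOTE(review): no `resolver` or `ssl_trusted_certificate` is set in the
    # posted file; see the same remark on the onlyoffice host.
    ssl_stapling on;
    ssl_stapling_verify on;

    #static files
    location ^~ /loleaflet {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }
    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # Download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    # NOTE(review): reachable by anyone who can reach this vhost; consider
    # allow/deny rules limiting it to trusted addresses.
    location ^~ /lool/adminws {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

}

# ===== /etc/nginx/sites-available/phpmyadmin =====

server {
    # The post had `listen 443;` followed by `ssl on;dodo`. The stray token
    # `dodo` is not an nginx directive and makes the configuration fail to
    # load; TLS is now enabled with the `ssl` flag on listen.
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/phpmyadmin.[DomainName].org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.[DomainName].org/privkey.pem;
    server_name phpmyadmin.[DomainName].org;
    root /var/www/phpmyadmin/;

    index index.php index.html index.htm index.nginx-debian.html; #

    # NOTE(review): this vhost publishes phpMyAdmin with no address or
    # authentication restriction at the nginx level. Consider allow/deny rules
    # or auth_basic, and re-enabling the commented deny blocks below.

    location / {
        index index.php;
    }

## Images and static content is treated different
    # The dot before the extension is escaped so that only real file
    # extensions match (the posted pattern used a bare `.`).
    location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
        #access_log off;
        expires max;#30d;
        log_not_found off;
    }

    #location ~ /\.ht {
        #deny all;
    #}

    #location ~ /(libraries|setup/frames|setup/libs) {
    #    deny all;
    #    return 404;
    #}

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        # Answer 404 for scripts that do not exist on disk instead of handing
        # an arbitrary path to PHP-FPM.
        try_files $fastcgi_script_name =404;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; #127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;#/var/www/phpmyadmin$fastcgi_script_name;
    }
}

# ===== /etc/nginx/sites-available/default =====
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #    include snippets/fastcgi-php.conf;
    #
    #    # With php-fpm (or other unix sockets):
    #    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    #    # With php-cgi (or other tcp sockets):
    #    fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}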