diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-03-02 01:18:18 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-02 01:18:18 +0000 |
commit | 542e38491626f8188f9fab2261e6a3efecc04c1a (patch) | |
tree | ef2a86fde4b1265ef1f91466aa9ffc217a3be441 /nixos | |
parent | 2a61c058c61b38ad358f7c05bf7a8aa53348c0a3 (diff) | |
parent | 390b6108a2cd3cea1134e9dd547dedacc9c13f36 (diff) | |
download | nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar.gz nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar.bz2 nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar.lz nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar.xz nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.tar.zst nixpkgs-542e38491626f8188f9fab2261e6a3efecc04c1a.zip |
Merge pull request #56496 from bachp/nextcloud-nginx-recommended
nixos/nextcloud: Update recommended nginx settings
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 39 |
1 files changed, 17 insertions, 22 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 68b875333d6..498e3fdb23a 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -5,14 +5,18 @@ with lib; let cfg = config.services.nextcloud; + phpPackage = pkgs.php73; + phpPackages = pkgs.php73Packages; + toKeyValue = generators.toKeyValue { mkKeyValue = generators.mkKeyValueDefault {} " = "; }; phpOptionsExtensions = '' - ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"} - ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"} - ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"} + ${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"} + ${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"} + ${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"} + extension=${phpPackages.imagick}/lib/php/extensions/imagick.so zend_extension = opcache.so opcache.enable = 1 ''; @@ -94,18 +98,6 @@ in { ''; }; - phpPackages = mkOption { - type = types.attrs; - default = pkgs.php71Packages; - defaultText = "pkgs.php71Packages"; - description = '' - Overridable attribute of the PHP packages set to use. If any caching - module is enabled, it will be taken from here. Therefore it should - match the version of PHP given to - <literal>services.phpfpm.phpPackage</literal>. - ''; - }; - phpOptions = mkOption { type = types.attrsOf types.str; default = { @@ -373,14 +365,14 @@ in { }; services.phpfpm = { - phpOptions = phpOptionsExtensions; - phpPackage = pkgs.php71; pools.nextcloud = let phpAdminValues = (toKeyValue (foldr (a: b: a // b) {} (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) phpOptions))); in { + phpOptions = phpOptionsExtensions; + phpPackage = phpPackage; listen = "/run/phpfpm/nextcloud"; extraConfig = '' listen.owner = nginx @@ -421,7 +413,7 @@ in { }; "/" = { priority = 200; - extraConfig = "rewrite ^ /index.php$uri;"; + extraConfig = "rewrite ^ /index.php$request_uri;"; }; "~ ^/store-apps" = { priority = 201; @@ -458,22 +450,23 @@ in { fastcgi_read_timeout 120s; ''; }; - "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = '' + "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = '' try_files $uri/ =404; index index.php; ''; - "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = '' - try_files $uri /index.php$uri$is_args$args; + "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = '' + try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; access_log off; ''; "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' - try_files $uri /index.php$uri$is_args$args; + try_files $uri /index.php$request_uri; access_log off; ''; }; @@ -483,10 +476,12 @@ in { add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; client_max_body_size ${cfg.maxUploadSize}; fastcgi_buffers 64 4K; + fastcgi_hide_header X-Powered-By; gzip on; gzip_vary on; gzip_comp_level 4; |