Created
February 7, 2018 22:04
-
-
Save shieldwed/7e1496a42fe066ca419b9a8b4f6cf1f0 to your computer and use it in GitHub Desktop.
Nginx config to run Nextcloud and Collabora on the same virtual host
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream php-fpm-handler { | |
| server ${NEXTCLOUD_FPM_HOST}:${NEXTCLOUD_FPM_PORT}; | |
| } | |
| upstream collabora-handler { | |
| server ${COLLABORA_HOST}:${COLLABORA_PORT}; | |
| } | |
| server { | |
| listen ${NGINX_PORT}; | |
| server_name ${NGINX_HOST}; | |
| root /var/www/html; | |
| # set max upload size | |
| client_max_body_size 10G; | |
| fastcgi_buffers 64 4K; | |
| # Enable gzip but do not remove ETag headers | |
| gzip on; | |
| gzip_vary on; | |
| gzip_comp_level 4; | |
| gzip_min_length 256; | |
| gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | |
| gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; | |
| index index.php; | |
| error_page 403 /core/templates/403.php; | |
| error_page 404 /core/templates/404.php; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Robots-Tag none; | |
| add_header X-Download-Options noopen; | |
| add_header X-Permitted-Cross-Domain-Policies none; | |
| location = /robots.txt { | |
| allow all; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location = /.well-known/carddav { | |
| return 301 $scheme://$host/remote.php/dav; | |
| } | |
| location = /.well-known/caldav { | |
| return 301 $scheme://$host/remote.php/dav; | |
| } | |
| location / { | |
| rewrite ^ /index.php$uri; | |
| } | |
| location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { | |
| deny all; | |
| } | |
| location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { | |
| deny all; | |
| } | |
| location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { | |
| include fastcgi_params; | |
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| fastcgi_param PATH_INFO $fastcgi_path_info; | |
| fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice | |
| fastcgi_param front_controller_active true; | |
| fastcgi_pass php-fpm-handler; | |
| fastcgi_intercept_errors on; | |
| fastcgi_request_buffering off; | |
| fastcgi_read_timeout 1200; | |
| } | |
| location ~ ^/(?:updater|ocs-provider)(?:$|/) { | |
| try_files $uri/ =404; | |
| index index.php; | |
| } | |
| # Adding the cache control header for js and css files | |
| # Make sure it is BELOW the location ~ \.php(?:$|/) { block | |
| location ~ \.(?:css|js|woff|svg|gif)$ { | |
| try_files $uri /index.php$uri$is_args$args; | |
| add_header Cache-Control "public, max-age=15778463"; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Robots-Tag none; | |
| add_header X-Download-Options noopen; | |
| add_header X-Permitted-Cross-Domain-Policies none; | |
| access_log off; | |
| } | |
| location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { | |
| try_files $uri /index.php$uri$is_args$args; | |
| access_log off; | |
| } | |
| # collabora static files | |
| location ^~ /loleaflet { | |
| proxy_pass https://collabora-handler; | |
| proxy_set_header Host $http_host; | |
| } | |
| # collabora WOPI discovery URL | |
| location ^~ /hosting/discovery { | |
| proxy_pass https://collabora-handler; | |
| proxy_set_header Host $http_host; | |
| } | |
| # collabora main websocket | |
| location ~ ^/lool/(.*)/ws$ { | |
| proxy_pass https://collabora-handler; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "Upgrade"; | |
| proxy_set_header Host $http_host; | |
| proxy_read_timeout 36000s; | |
| } | |
| # collabora download, presentation and image upload | |
| location ~ ^/lool { | |
| proxy_pass https://collabora-handler; | |
| proxy_set_header Host $http_host; | |
| } | |
| # collabora Admin Console websocket | |
| location ^~ /lool/adminws { | |
| proxy_pass https://collabora-handler; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "Upgrade"; | |
| proxy_set_header Host $http_host; | |
| proxy_read_timeout 36000s; | |
| } | |
| } |
Thank you. Now I have to figure out how to make this work:
www -> traefik -> collabora ==> Not working, the 9980 port is not returning anything
www -> traefik -> nginx-proxy (based on this file) -> collabora ===> did not tested yet...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you. I wanted to not include nginx/apache proxy for collabora as I already have traefik, but I guess it's not going to be that easy..