From b80875632e3f48097ca860d77000f54a96a50acb Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolov Date: Sat, 16 Dec 2023 20:48:47 +0200 Subject: [PATCH] Update the examples section according to the latest nginx configuration required. (#2123) Signed-off-by: Kaloyan K Nikolov --- .../insecure/mariadb/fpm/web/nginx.conf | 45 +++++++++++++++--- .../insecure/postgres/fpm/web/nginx.conf | 44 +++++++++++++++--- .../mariadb/fpm/web/nginx.conf | 46 ++++++++++++++++--- .../postgres/fpm/web/nginx.conf | 46 ++++++++++++++++--- 4 files changed, 155 insertions(+), 26 deletions(-) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index c74ea99b..42e49a1e 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -10,7 +10,7 @@ events { http { - include /etc/nginx/mime.types; + include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -27,6 +27,12 @@ http { keepalive_timeout 65; + # Set the `immutable` cache control options only for assets with a cache busting `v` argument + map $arg_v $asset_immutable { + "" ""; + default "immutable"; + } + #gzip on; upstream php-handler { @@ -44,17 +50,23 @@ http { # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # set max upload size + # set max upload size and increase upload timeout: client_max_body_size 512M; + client_body_timeout 300s; fastcgi_buffers 64 4K; + # The settings allows you to optimize the HTTP2 bandwidth. + # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ + # for tuning hints + client_body_buffer_size 512k; + # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. @@ -128,7 +140,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -146,12 +158,33 @@ http { fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif)$ { + # Javascript mimetype fixes for nginx + # Note: The block below should be removed, and the js|mjs section should be + # added to the block below this one. This is a temporary fix until Nginx + # upstream fixes the js mime-type + location ~* \.(?:js|mjs)$ { + types { + text/javascript js mjs; + } + default_type "text/javascript"; try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + access_log off; + } + + # Serve static files + location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ { diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index c74ea99b..b1c72e5f 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -10,7 +10,7 @@ events { http { - include /etc/nginx/mime.types; + include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -27,6 +27,12 @@ http { keepalive_timeout 65; + # Set the `immutable` cache control options only for assets with a cache busting `v` argument + map $arg_v $asset_immutable { + "" ""; + default "immutable"; + } + #gzip on; upstream php-handler { @@ -44,17 +50,23 @@ http { # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # set max upload size + # set max upload size and increase upload timeout: client_max_body_size 512M; + client_body_timeout 300s; fastcgi_buffers 64 4K; + # The settings allows you to optimize the HTTP2 bandwidth. + # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ + # for tuning hints + client_body_buffer_size 512k; + # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. @@ -128,7 +140,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -146,12 +158,32 @@ http { fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif)$ { + # Javascript mimetype fixes for nginx + # Note: The block below should be removed, and the js|mjs section should be + # added to the block below this one. This is a temporary fix until Nginx + # upstream fixes the js mime-type + location ~* \.(?:js|mjs)$ { + types { + text/javascript js mjs; + } try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + access_log off; + } + + # Serve static files + location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ { diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index c74ea99b..01c28564 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -10,7 +10,7 @@ events { http { - include /etc/nginx/mime.types; + include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -27,6 +27,12 @@ http { keepalive_timeout 65; + # Set the `immutable` cache control options only for assets with a cache busting `v` argument + map $arg_v $asset_immutable { + "" ""; + default "immutable"; + } + #gzip on; upstream php-handler { @@ -44,17 +50,23 @@ http { # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # set max upload size + # set max upload size and increase upload timeout: client_max_body_size 512M; + client_body_timeout 300s; fastcgi_buffers 64 4K; + # The settings allows you to optimize the HTTP2 bandwidth. + # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ + # for tuning hints + client_body_buffer_size 512k; + # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. @@ -128,7 +140,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -138,7 +150,7 @@ http { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; + fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls @@ -146,12 +158,32 @@ http { fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif)$ { + # Javascript mimetype fixes for nginx + # Note: The block below should be removed, and the js|mjs section should be + # added to the block below this one. This is a temporary fix until Nginx + # upstream fixes the js mime-type + location ~* \.(?:js|mjs)$ { + types { + text/javascript js mjs; + } try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + access_log off; + } + + # Serve static files + location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ { diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index c74ea99b..01c28564 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -10,7 +10,7 @@ events { http { - include /etc/nginx/mime.types; + include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -27,6 +27,12 @@ http { keepalive_timeout 65; + # Set the `immutable` cache control options only for assets with a cache busting `v` argument + map $arg_v $asset_immutable { + "" ""; + default "immutable"; + } + #gzip on; upstream php-handler { @@ -44,17 +50,23 @@ http { # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - # set max upload size + # set max upload size and increase upload timeout: client_max_body_size 512M; + client_body_timeout 300s; fastcgi_buffers 64 4K; + # The settings allows you to optimize the HTTP2 bandwidth. + # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ + # for tuning hints + client_body_buffer_size 512k; + # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. @@ -128,7 +140,7 @@ http { # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; @@ -138,7 +150,7 @@ http { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; + fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls @@ -146,12 +158,32 @@ http { fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_max_temp_file_size 0; } - location ~ \.(?:css|js|svg|gif)$ { + # Javascript mimetype fixes for nginx + # Note: The block below should be removed, and the js|mjs section should be + # added to the block below this one. This is a temporary fix until Nginx + # upstream fixes the js mime-type + location ~* \.(?:js|mjs)$ { + types { + text/javascript js mjs; + } try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + access_log off; + } + + # Serve static files + location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ {