ansible/roles/server/nextcloud/meta/main.yml

---

allow_duplicates: yes

dependencies:
  - role: misc/system_user
    # system_user
    user_directory: "{{ nextcloud_user_directory }}"
  - role: mysql/database
    # database_user
  - role: nginx/php-pool
    # system_user
    src: "{{ nextcloud_installation_directory }}"
    includes:
      - "{{ nextcloud_installation_directory }}/apps"
    memory_limit: 1G
  - role: nginx/server
    directives: |
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer;
      fastcgi_hide_header X-Powered-By;
      root {{ nextcloud_installation_directory }};
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
      client_max_body_size 10240M;
      #fastcgi_buffers 64 4K;
      location / {
        rewrite ^ /index.php$request_uri;
      }
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
      }
      #location ~ \.(?:flv|mp4|mov|m4a)$ {
      #  mp4;
      #  mp4_buffer_size 100M;
      #  mp4_max_buffer_size 1024M;
      #  fastcgi_split_path_info ^(.+?\.php)(/.*)$;
      #  try_files $uri =404;
      #  fastcgi_index index.php;
      #  include fastcgi_params;
      #  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      #  fastcgi_param PATH_INFO $fastcgi_path_info;
      #  fastcgi_param HTTPS on;
      #  fastcgi_param modHeadersAvailable true;
      #  fastcgi_param front_controller_active true;
      #  fastcgi_pass {{ pool_name }};
      #  fastcgi_intercept_errors on;
      #  fastcgi_request_buffering off;
      #}
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass {{ pool_name }};
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
      }
      location ~ \.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
      }
Added role server/nextcloud 5 years ago			`---`
server/nextcloud: Allow duplicates for role 5 years ago
			`allow_duplicates: yes`
server/nextcloud: Changed dependencies back to real one Undo of 9216931b33200106cafb2184836ff7d37a24e9d1 5 years ago
			`dependencies:`
			`- role: misc/system_user`
			`# system_user`
			`user_directory: "{{ nextcloud_user_directory }}"`
			`- role: mysql/database`
			`# database_user`
			`- role: nginx/php-pool`
			`# system_user`
			`src: "{{ nextcloud_installation_directory }}"`
			`includes:`
			`- "{{ nextcloud_installation_directory }}/apps"`
			`memory_limit: 1G`
			`- role: nginx/server`
			`directives: \|`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Robots-Tag none;`
			`add_header X-Download-Options noopen;`
			`add_header X-Permitted-Cross-Domain-Policies none;`
			`add_header Referrer-Policy no-referrer;`
			`fastcgi_hide_header X-Powered-By;`
			`root {{ nextcloud_installation_directory }};`
			`location = /.well-known/carddav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`location = /.well-known/caldav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`rewrite ^/.well-known/webfinger /public.php?service=webfinger last;`
			`rewrite ^/.well-known/host-meta /public.php?service=host-meta last;`
			`rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;`
			`client_max_body_size 10240M;`
			`#fastcgi_buffers 64 4K;`
			`location / {`
			`rewrite ^ /index.php$request_uri;`
			`}`
			`location ~ ^/(build\|tests\|config\|lib\|3rdparty\|templates\|data)/ {`
			`deny all;`
			`}`
			`location ~ ^/(?:\.\|autotest\|occ\|issue\|indie\|db_\|console) {`
			`deny all;`
			`}`
			`#location ~ \.(?:flv\|mp4\|mov\|m4a)$ {`
			`# mp4;`
			`# mp4_buffer_size 100M;`
			`# mp4_max_buffer_size 1024M;`
			`# fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
			`# try_files $uri =404;`
			`# fastcgi_index index.php;`
			`# include fastcgi_params;`
			`# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`# fastcgi_param PATH_INFO $fastcgi_path_info;`
			`# fastcgi_param HTTPS on;`
			`# fastcgi_param modHeadersAvailable true;`
			`# fastcgi_param front_controller_active true;`
			`# fastcgi_pass {{ pool_name }};`
			`# fastcgi_intercept_errors on;`
			`# fastcgi_request_buffering off;`
			`#}`
			`location ~ ^/(?:index\|remote\|public\|cron\|core/ajax/update\|status\|ocs/v[12]\|updater/.+\|ocs-provider/.+)\.php(?:$\|/) {`
			`fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_param PATH_INFO $fastcgi_path_info;`
			`fastcgi_param HTTPS on;`
			`fastcgi_param modHeadersAvailable true;`
			`fastcgi_param front_controller_active true;`
			`fastcgi_pass {{ pool_name }};`
			`fastcgi_intercept_errors on;`
			`fastcgi_request_buffering off;`
			`}`
			`location ~ ^/(?:updater\|ocs-provider)(?:$\|/) {`
			`try_files $uri/ =404;`
			`index index.php;`
			`}`
			`location ~ \.(?:css\|js\|woff2?\|svg\|gif\|png\|html\|ttf\|ico\|jpg\|jpeg)$ {`
			`try_files $uri /index.php$request_uri;`
			`access_log off;`
			`}`