server/nextcloud: Applied security patch

CVE-2019-11043 see https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
5 years ago · a667132cb4
parent b6bea17d48
commit a667132cb4
1 changed files with 2 additions and 1 deletions
--- a/roles/server/nextcloud/meta/main.yml
+++ b/roles/server/nextcloud/meta/main.yml
@ -37,7 +37,7 @@ dependencies:
      client_max_body_size 10240M;
      #fastcgi_buffers 64 4K;
      location / {
-        rewrite ^ /index.php$request_uri;
+        rewrite ^ /index.php;
      }
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
@ -64,6 +64,7 @@ dependencies:
      #}
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        try_files $fastcgi_script_name =404;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;