--- allow_duplicates: yes dependencies: - role: misc/system_user # system_user user_directory: "{{ nextcloud_user_directory }}" - role: mysql/database # database_user - role: nginx/php-pool # system_user src: "{{ nextcloud_installation_directory }}" includes: - "{{ nextcloud_installation_directory }}/apps" memory_limit: 1G - role: nginx/server directives: | add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; fastcgi_hide_header X-Powered-By; root {{ nextcloud_installation_directory }}; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } rewrite ^/.well-known/webfinger /public.php?service=webfinger last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; client_max_body_size 10240M; #fastcgi_buffers 64 4K; location / { rewrite ^ /index.php$request_uri; } location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } #location ~ \.(?:flv|mp4|mov|m4a)$ { # mp4; # mp4_buffer_size 100M; # mp4_max_buffer_size 1024M; # fastcgi_split_path_info ^(.+?\.php)(/.*)$; # try_files $uri =404; # fastcgi_index index.php; # include fastcgi_params; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param PATH_INFO $fastcgi_path_info; # fastcgi_param HTTPS on; # fastcgi_param modHeadersAvailable true; # fastcgi_param front_controller_active true; # fastcgi_pass {{ pool_name }}; # fastcgi_intercept_errors on; # fastcgi_request_buffering off; #} location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass {{ pool_name }}; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$request_uri; access_log off; }