DenebTM · December 16, 2024 00:21
diff --git a/Caddyfile b/Caddyfile
 {
 	admin "unix//run/caddy/admin.socket"

 	log default {
 		output stdout
 		format console
 	}

 	# uncomment this if running behind a reverse proxy
 	# this ensures that the upstream X-Forwarded-* headers get passed along
 	#servers {
 	#	trusted_proxies static <proxy_ip(s)>
 	#}
 }

 (upstream) {
 	php_fastcgi unix//run/php-fpm/php-fpm.sock
 	file_server
 }

 (well-known) {
 	redir /.well-known/carddav /remote.php/dav 308
 	redir /.well-known/caldav /remote.php/dav 308
 	redir /.well-known/webfinger /index.php/.well-known/webfinger 308
 	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 308
 }

 (error_page) {
 	handle_errors {
 		rewrite * /error/{err.status_code}
 		import upstream
 	}
 }

 (deny) {
 	@forbidden {
 		path /.htaccess
 		path /config/*
 		path /occ
 		path /console.php
 		path /package.json
 		path /package.lock.json
 	}
 	error @forbidden 404
 }

 # partial rewrite of the .htaccess file
 (webdav) {
 	@davclnt header_regexp User-Agent DavClnt

 	@p1 path_regexp ^$
 	redir @p1 /remote.php/webdav/ 307
 	redir /.well-known/carddav /remote.php/dav/ 308
 	redir /.well-known/caldav /remote.php/dav/ 308
 	redir /remote/* remote.php?{query}
 	@p2 path_regexp ^(build|tests|config|lib|3rdparty|templates)/.*
 	error @p2 404
 	@p3 {
 		path_regexp ^\.well-known/
 		not path_regexp ^\.well-known/(acme-challenge|pki-validation)
 	}
 	redir @p3 /index.php?{query}
 	@p4 path_regexp ^ocm_provider/?
 	redir @p4 index.php?{query}
 	@p5 {
 		path_regexp ^(\..*|autotest|occ|issue|indie|db_|console).*
 		not path_regexp ^\.well-known
 	}
 	error @p5 404
 }

 (notify_push) {
 	route /push/* {
 		reverse_proxy localhost:7867 {
 			header_up Connection "Upgrade"
 		}
 	}
 }

 :80 {
 	root * /usr/share/webapps/nextcloud
 	import upstream

 	log {
 		output stdout
 		format console
 	}

 	encode gzip zstd

 	header Strict-Transport-Security "max-age=15552000; includeSubDomains"

 	import well-known
 	import error_page
 	import notify_push
 	import deny
 	import webdav
 }
	{
	admin "unix//run/caddy/admin.socket"

	log default {
	output stdout
	format console
	}

	# uncomment this if running behind a reverse proxy
	# this ensures that the upstream X-Forwarded-* headers get passed along
	#servers {
	# trusted_proxies static <proxy_ip(s)>
	#}
	}

	(upstream) {
	php_fastcgi unix//run/php-fpm/php-fpm.sock
	file_server
	}

	(well-known) {
	redir /.well-known/carddav /remote.php/dav 308
	redir /.well-known/caldav /remote.php/dav 308
	redir /.well-known/webfinger /index.php/.well-known/webfinger 308
	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 308
	}

	(error_page) {
	handle_errors {
	rewrite * /error/{err.status_code}
	import upstream
	}
	}

	(deny) {
	@forbidden {
	path /.htaccess
	path /config/*
	path /occ
	path /console.php
	path /package.json
	path /package.lock.json
	}
	error @forbidden 404
	}

	# partial rewrite of the .htaccess file
	(webdav) {
	@davclnt header_regexp User-Agent DavClnt

	@p1 path_regexp ^$
	redir @p1 /remote.php/webdav/ 307
	redir /.well-known/carddav /remote.php/dav/ 308
	redir /.well-known/caldav /remote.php/dav/ 308
	redir /remote/* remote.php?{query}
	@p2 path_regexp ^(build\|tests\|config\|lib\|3rdparty\|templates)/.*
	error @p2 404
	@p3 {
	path_regexp ^\.well-known/
	not path_regexp ^\.well-known/(acme-challenge\|pki-validation)
	}
	redir @p3 /index.php?{query}
	@p4 path_regexp ^ocm_provider/?
	redir @p4 index.php?{query}
	@p5 {
	path_regexp ^(\..\|autotest\|occ\|issue\|indie\|db_\|console).
	not path_regexp ^\.well-known
	}
	error @p5 404
	}

	(notify_push) {
	route /push/* {
	reverse_proxy localhost:7867 {
	header_up Connection "Upgrade"
	}
	}
	}

	:80 {
	root * /usr/share/webapps/nextcloud
	import upstream

	log {
	output stdout
	format console
	}

	encode gzip zstd

	header Strict-Transport-Security "max-age=15552000; includeSubDomains"

	import well-known
	import error_page
	import notify_push
	import deny
	import webdav
	}
No results found