Nextcloud version: 15.0.5 RC 1 (Latest Daily Build)
Operating system and version: Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-45-generic x86_64)
Apache or nginx version: nginx/1.14.0
PHP version: 7.3
The issue you are facing: After the beta update to 15.0.5 RC 1, no one on the server could log in. I have recreated the database, the database user, and reinstalled nextcloud. I believe there is a bug, or there is a compatibility issue within my Nginx configuration.
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Go to the “User Settings”
- Nextcloud will display an error message (“An error occurred during the request. Unable to proceed”)
The output of your Nextcloud log in Admin > Logging:
|Info|core|Bruteforce attempt from detected for action "login".2019-02-23T18:26:39-0800
|Warning|core|Login failed: 'root' 2019-02-23T18:26:38-0800
|Info|core|Bruteforce attempt from detected for action "login". 2019-02-23T18:26:31-0800|
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => <redacted>,
'passwordsalt' => <redacted>,
'secret' => <redacted>,
'trusted_domains' =>
array (
0 => <redacted>,
),
'datadirectory' => '/media/WWWData/NextCloud',
'overwrite.cli.url' => 'https://<redacted>/cloud',
'dbtype' => 'mysql',
'version' => '15.0.5.1',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '3306',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => <redacted>,
'dbpassword' => <redacted>,
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
),
'memcache.locking' => '\\OC\\Memcache\\Redis',
'maintenance' => false,
'theme' => '',
'loglevel' => 1,
'logfile' => '/var/nextcloud.log',
'updater.release.channel' => 'daily',
'updater.secret' => <redacted>,
);
The output of your Apache/nginx/system log in /var/log/____
:
2019/02/19 08:04:34 [crit] 2039#2039: *25723 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 184.105.247.194, server: 0.0.0.0:443
2019/02/19 18:16:03 [error] 2039#2039: *29492 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 69.12.72.175, server: <redacted for privacy>, request: "GET /wp-content/plugins/apikey/apikey.php?test=hello HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock$
2019/02/19 18:53:06 [error] 2039#2039: *29721 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:35 [error] 2039#2039: *29895 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:36 [error] 2039#2039: *29899 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:46 [error] 2039#2039: *29896 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:09:46 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:05 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:06 [error] 2039#2039: *29885 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:08 [error] 2039#2039: *29895 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:08 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:10 [error] 2039#2039: *29885 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:10:10 [error] 2039#2039: *29887 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:11:19 [error] 2039#2039: *29960 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:11:20 [error] 2041#2041: *29965 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 19:51:29 [error] 1784#1784: *2 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 21:45:01 [error] 1784#1784: *962 access forbidden by rule, client: 107.77.205.19, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/19 21:54:22 [crit] 1784#1784: *1048 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 198.108.66.176, server: 0.0.0.0:443
2019/02/19 22:50:55 [error] 1784#1784: *1299 access forbidden by rule, client: 107.77.205.214, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 00:02:07 [error] 1784#1784: *1456 access forbidden by rule, client: 216.7.112.234, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 06:57:27 [crit] 1784#1784: *1765 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 208.93.152.20, server: 0.0.0.0:443
2019/02/20 09:56:16 [crit] 1784#1784: *1996 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 184.105.139.70, server: 0.0.0.0:443
2019/02/20 12:43:06 [crit] 1784#1784: *2124 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 208.93.152.20, server: 0.0.0.0:443
2019/02/20 18:37:48 [error] 1784#1784: *2377 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:38 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:38 [error] 1784#1784: *2409 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:40 [error] 1784#1784: *2409 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:47 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:48 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:49 [error] 1785#1785: *2411 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:49 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2407 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:52 [error] 1784#1784: *2403 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:45:57 [error] 1784#1784: *2464 open() "/var/www/ssl/favicon.ico" failed (2: No such file or directory), client: 107.77.205.21, server: <redacted for privacy>, request: "GET /favicon.ico HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:11 [error] 1784#1784: *2403 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 107.77.205.21, server: <redacted for privacy>, request: "POST /cloud/updater/index.php HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock", host: "tdserver.ddns.n$
2019/02/20 18:47:40 [error] 1784#1784: *2479 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:41 [error] 1787#1787: *2481 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:47:42 [error] 1785#1785: *2478 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:01 [error] 1784#1784: *2500 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:01 [error] 1784#1784: *2506 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:03 [error] 1784#1784: *2502 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:03 [error] 1785#1785: *2503 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1784#1784: *2500 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1785#1785: *2503 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:49:04 [error] 1784#1784: *2502 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:11 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:12 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:12 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:51:59 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:00 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *5 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:03 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *9 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *7 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/cloud//groups HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:52:04 [error] 1731#1731: *10 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/updatenotification/api/v1/applist/15.0.5.0 HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:47 [error] 1731#1731: *75 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:47 [error] 1731#1731: *66 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/core/whatsnew?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 18:54:52 [error] 1731#1731: *108 access forbidden by rule, client: 107.77.205.21, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:09:16 [error] 1731#1731: *131 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:11:50 [error] 1731#1731: *149 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
2019/02/20 19:11:51 [error] 1731#1731: *147 access forbidden by rule, client: 107.77.205.210, server: <redacted for privacy>, request: "GET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1", host: "<redacted for privacy>"
Additionally, I am including my Nginx configuration for my site. I have a sneaky suspicion that the “access forbidden by rule” is caused by it. My nextcloud is hosted on my site in my ‘/cloud’ subfolder.
# PHP Traffic
upstream php-handler {
server 127.0.0.1:9000;
}
# Download Server
server {
listen 65403 default_server;
listen [::]:65403 default_server;
server_name <redacted for privacy>;
root /var/www/non-ssl;
autoindex on;
ssl on;
ssl_certificate /etc/letsencrypt/live/<redacted for privacy>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<redacted for privacy>/privkey.pem;
# managed by Certbot
}
# Redirect to HTTPS/SSL
server {
listen 80;
listen [::]:80;
server_name <redacted for privacy>;
return 301 https://$server_name$request_uri;
}
# Main SSL Server
server {
# Listen on Port 443
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL/Server Options
server_name <redacted for privacy>;
ssl_certificate /etc/letsencrypt/live/<redacted for privacy>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<redacted for privacy>/privkey.pem; # managed by Certbot
# Header Options
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
fastcgi_hide_header X-Powered-By;
# Directory Options
root /var/www/ssl;
index index.php;
# Fix for Posts 404
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# URL Redirections
location /downloads {
return 301 https://<redacted for privacy>:65403;
}
location /plex {
return 301 https://app.plex.tv/;
}
# Allow Access to robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny Access to PHP Monitor
location ^~ /cloud/ocs/v2.php {
deny all;
}
# PHP Options
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
# Deny Access to Sensitive Files
location ~ ^/(license.txt|readme.html|pihole|\.ht|db_structure\.xml|README) {
deny all;
}
# Set Static Pages to Expire
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
###### --- Nextcloud Configuration --- ######
location = /.well-known/carddav {
return 301 $scheme://$host/cloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/cloud/remote.php/dav;
}
location ^~ /cloud {
# set max upload size
client_max_body_size 10000M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /cloud {
rewrite ^ /cloud/index.php$request_uri;
}
location ~ ^\/cloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/cloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/cloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/cloud\/(?:updater|ocs-provider|ocm-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ ^\/cloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /cloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~ ^\/cloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /cloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}