Nextcloud on ISPConfig (debian/nginx/php7.1)

Just wondering if anybody here is using ISPConfig 3.1 with nginx 1.6.2 and php-fpm 7.1 and has a working nginx Directives section for me. I’m pretty new to nginx. My current Nextcloud is running on an ISPConfig server with apache2, but I want to migrate to an nginx server. I tried the default config found in the Nextcloud installation / nginx configuration examples, but I’m not quite sure which parts I need and which parts I don’t need.

I spent all of last night searching and testing, but haven’t found the right setup yet. So any tips would be appreciated. My current (and default ISPConfig) configuration is as follows. It’s without any Nextcloud configuration added. The Nextcloud config that results in an xx.vhost.err config is at the bottom.

server {
        listen *:80;

        listen *:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/xx/xx/xx/bla.crt;
        ssl_certificate_key /var/www/clients/xx/xx/xx/bla.key;

        server_name cloud.server.com ;

        root   /var/www/cloud.server.com/web/;

        index index.html index.htm index.php index.cgi index.pl index.xhtml;

        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {

            internal;
        }
        location = /error/401.html {

            internal;
        }
        location = /error/403.html {

            internal;
        }
        location = /error/404.html {

            internal;
        }
        location = /error/405.html {

            internal;
        }
        location = /error/500.html {

            internal;
        }
        location = /error/502.html {

            internal;
        }
        location = /error/503.html {

            internal;
        }

        error_log /var/log/ispconfig/httpd/cloud.server.com/error.log;
        access_log /var/log/ispconfig/httpd/cloud.server.com/access.log combined;

        location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location /stats/ {

            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/xx/xx/xx/.htpasswd_stats;
        }

        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }

        location ~ \.php$ {
            try_files /501b25223cf3e3d42ee5f15f6115426f.htm @php;
        }

        location @php {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/lib/php5-fpm/web1.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
        }

        location ~ /\.well-known/acme-challenge/ {
           root /usr/local/ispconfig/interface/acme/;
           index index.html index.htm;
           try_files $uri =404;
        }
} 

Added config in ISPConfig

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
location = /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
  return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
    rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    #  includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}

And in the nginx error.log

unknown directive "fastcgi_request_buffering"

Please give these a try. It works.

https://www.fox1.de/2017/03/15/nextcloud-ispconfig3-debian3-nginx/

I’m fairly new to nginx too, most of my servers run Apache. :wink:

Cheers!

nginx >= 1.7.11 is needed for this directive, so just comment it out for other times. I will compare your config to ours tomorrow.
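The version gate described in the reply above, as an added example that is not part of the original posts: a POSIX shell filter that comments out `fastcgi_request_buffering` in a directives snippet when the nginx version is below 1.7.11. The function names are illustrative, and the sample `nginx -v` string and snippet lines are constructed from values in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): function names are hypothetical.

# parse_nginx_version "nginx version: nginx/1.6.2" -> prints "1.6.2"
# Live use: parse_nginx_version "$(nginx -v 2>&1)"  (nginx -v writes to stderr)
parse_nginx_version() {
    printf '%s\n' "$1" |
        sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*$|\1|p'
}

# version_ge A B -> exit 0 if dotted version A >= B, compared numerically per
# component (a plain string compare would wrongly rank 1.10.x below 1.7.x).
version_ge() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# gate_snippet VERSION < snippet
# Passes the snippet through unchanged on nginx >= 1.7.11; otherwise comments
# out fastcgi_request_buffering lines, keeping their indentation.
gate_snippet() {
    if version_ge "$1" 1.7.11; then
        cat
    else
        sed 's/^\([[:space:]]*\)\(fastcgi_request_buffering[[:space:]].*\)$/\1# \2  # needs nginx >= 1.7.11/'
    fi
}

# Constructed demo: three lines from the thread's PHP location block, filtered
# for the nginx 1.6.2 named in the question.
ver=$(parse_nginx_version 'nginx version: nginx/1.6.2')
gate_snippet "$ver" <<'EOF'
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
EOF
```

Run `nginx -t` after pasting the filtered snippet to confirm that the vhost parses before reloading.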

Any suggestions on this matter?

I’m kind of stuck also with ISPConfig + nginx :disappointed_relieved:

Thanks in advance.