So Im running NextCloud on a dedicated VM and Im using a reverse nginx proxy to redirect the requests to it. I’ve been having some issues with syncing of larger files which Ive nailed down to incorrect nginx configuration parameters. I now have the following:
server {
listen 3241 ssl;
server_name cloud.test.com;
client_body_in_file_only clean;
client_max_body_size 16G;
gzip off;
fastcgi_buffers 64 4k;
fastcgi_connect_timeout 60;
fastcgi_read_timeout 512;
send_timeout 600;
sendfile on;
client_body_buffer_size 64k;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:
DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA';
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/cloud.test.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.test.com/privkey.pem;
location / {
proxy_pass https://cloud.test.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 2048m;
proxy_read_timeout 256;
proxy_redirect off;
proxy_set_header Connection "Keep-Alive";
}
}
Can anyone comment on whether this looks good? I’m not sure if the client_max_body_size parameter needs to be as large as the max file size I want to support or if the fastcgi parameters are required in a reverse proxy configuration at all. Any advice would be much appreciated.