Pretty urls for nextcloud 11 with nginx and php5

wittich · April 28, 2017, 10:21am

Is there a way to get pretty urls with nextcloud on a nginx webserver with php 5.6.

As I see it there are two problems:

rewrite the urls with nginx so they are addressed to index.php file etc. and
change the config of nextcloud to remove index.php links form there app

My nginx config looks like that:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate     /etc/ssl/certs/clouddomain.ltdcrt;
    ssl_certificate_key /etc/ssl/private/clouddomain.ltdkey;
    set $root_path "/media/storage/nextcloud";
    root $root_path;
    index index.php;
    set $socket "unix:/var/run/fpm-759c4785-ef9f904a4833.sock";
    access_log /var/log/nginx/storage-access.log;
    error_log  /var/log/nginx/storage-error.log;
    large_client_header_buffers 4 16k;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;
    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }
    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        rewrite ^ /index.php$uri;
        try_files $uri $uri/ index.php;
    }
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 = 404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        fastcgi_pass $socket;
    }
    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}

Nextcloud version: 11.0.3
Operating system and version: Debian Jessie
nginx version: 1.6.2
PHP version: 5.6

tflidd · April 29, 2017, 8:36pm

I found this example (not tested):

gist.github.com

https://gist.github.com/stevenmirabito/5560ba2feea9eeb32db1

owncloud-nginx-pretty-urls.conf

upstream php-fpm {
	# Path to PHP-FPM socket
	server unix:/var/run/php-fpm/php-fpm.sock;
}

server {
	# Listen on port 80 for non-SSL connections
	listen 80;
	server_name YOURDOMAIN.XYZ;

This file has been truncated. show original

If you succeed, this could be a nice thing for the documentation.

wittich · May 15, 2017, 9:53pm

Finally I had time to test that configuration! It works pretty sweet as far as I can tell!

Big thx to @tflidd !

I just had to correct the last section where it tells nginx how to pass the php files to php-fpm.

Here is my final config for the moment:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate     /etc/ssl/certs/clouddomain.ltdcrt;
    ssl_certificate_key /etc/ssl/private/clouddomain.ltdkey;
    set $root_path "/media/storage/nextcloud";
    root $root_path;
    index index.php;
    set $socket "unix:/var/run/fpm-759c4785-ef9f904a4833.sock";
    access_log /var/log/nginx/storage-access.log;
    error_log  /var/log/nginx/storage-error.log;
    large_client_header_buffers 4 16k;
    
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

    # Set max upload size
    client_max_body_size 10G; 
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Only use index.php for the index page
    index index.php;

    # Use pretty error pages
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    # If robots.txt is present, always allow access and serve it directly
    # If it isn't, don't log the access attempt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to the data and config directories, .ht* files,
    # the README, and the database structure definition
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    # Pretty URLs for WebDAV
    location ~* \/remote\/(?:.*)$ {
        rewrite ^ /remote.php last;
    }

    # Rewrite file preview requests and requests for the JS configuration file
    # to the nextcloud front controller
    location ~* \/core\/(?:js\/oc\.js|preview\.png).*$ {
        rewrite ^ /index.php last;
    }

    # Main location block
    # Most requests will fall into this block
    location / {
        # Specific rewrites for WebDAV/CalDAV/CardDAV and documentation
        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        # Exclude static assets, specific PHP files, and Let's Encrypt verifications,
        # then rewrite everything else to the ownCloud front controller
    	if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php|^\/\.well-known\/acme-challenge\/.*$)){
            rewrite ^ /index.php last;
        }

    }

    # Set a long expires header on static assets, excluding files accessed through WebDAV
    # This block will break uploads to WebDAV for the listed file extensions without the negative lookahead
    location ~* ^(?!\/remote\.php)(?:.*)\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|html|svg|ttf|woff)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }    

    # Pass PHP files to PHP-FPM for processing
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 = 404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        # Tell nextcloud we're rewriting URLs
        fastcgi_param front_controller_active true;
        fastcgi_pass $socket;
    }       

}

tflidd · May 16, 2017, 7:22am

I referred to this topic on the bug tracker: