jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nextcloud nginx fixes

Browse Source
This commit is contained in:
Danilo Reyes
2026-02-06 22:23:16 -06:00
parent d7191f7a02
commit 661629924e
4 changed files with 162 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
modules/servers/nextcloud.nix
View File

@@ -256,78 +256,51 @@ in
};
};
})
(lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.networking.hostName == "vps") {
services.nginx.virtualHosts = {
"${cfg.host}" = {
forceSSL = true;
enableACME = true;
http2 = true;
default = true;
serverAliases = [ "cloud.rotehaare.art" ];
extraConfig = ''
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
'';
locations = {
"/" = {
proxyPass = cfg.local;
proxyWebsockets = true;
};
(lib.mkIf (cfgC.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts.${cfgC.host} = {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /browser" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
};
"${cfgC.host}" = lib.mkIf cfgC.enableProxy {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /browser" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Legacy static files (for compatibility)
"^~ /loleaflet" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/cool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy websocket (for compatibility)
"~ ^/lool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /cool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy Admin Console websocket (for compatibility)
"^~ /lool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy static files (for compatibility)
"^~ /loleaflet" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/cool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy websocket (for compatibility)
"~ ^/lool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /cool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy Admin Console websocket (for compatibility)
"^~ /lool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
};
};