public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #56496 from bachp/nextcloud-nginx-recommended

Browse Source 
nixos/nextcloud: Update recommended nginx settings
This commit is contained in:
Franz Pletz 2019-03-02 01:18:18 +00:00 committed by GitHub
commit 542e384916
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -5,14 +5,18 @@ with lib;
let let
cfg = config.services.nextcloud; cfg = config.services.nextcloud;
phpPackage = pkgs.php73;
phpPackages = pkgs.php73Packages;
toKeyValue = generators.toKeyValue { toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {} " = "; mkKeyValue = generators.mkKeyValueDefault {} " = ";
}; };
phpOptionsExtensions = '' phpOptionsExtensions = ''
${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"} ${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"} ${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"} ${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
zend_extension = opcache.so zend_extension = opcache.so
opcache.enable = 1 opcache.enable = 1
''; '';
@ -94,18 +98,6 @@ in {
''; '';
}; };
phpPackages = mkOption {
type = types.attrs;
default = pkgs.php71Packages;
defaultText = "pkgs.php71Packages";
description = ''
Overridable attribute of the PHP packages set to use. If any caching
module is enabled, it will be taken from here. Therefore it should
match the version of PHP given to
<literal>services.phpfpm.phpPackage</literal>.
'';
};
phpOptions = mkOption { phpOptions = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = { default = {
@ -373,14 +365,14 @@ in {
}; };
services.phpfpm = { services.phpfpm = {
phpOptions = phpOptionsExtensions;
phpPackage = pkgs.php71;
pools.nextcloud = let pools.nextcloud = let
phpAdminValues = (toKeyValue phpAdminValues = (toKeyValue
(foldr (a: b: a // b) {} (foldr (a: b: a // b) {}
(mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; }) (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
phpOptions))); phpOptions)));
in { in {
phpOptions = phpOptionsExtensions;
phpPackage = phpPackage;
listen = "/run/phpfpm/nextcloud"; listen = "/run/phpfpm/nextcloud";
extraConfig = '' extraConfig = ''
listen.owner = nginx listen.owner = nginx
@ -421,7 +413,7 @@ in {
}; };
"/" = { "/" = {
priority = 200; priority = 200;
extraConfig = "rewrite ^ /index.php$uri;"; extraConfig = "rewrite ^ /index.php$request_uri;";
}; };
"~ ^/store-apps" = { "~ ^/store-apps" = {
priority = 201; priority = 201;
@ -458,22 +450,23 @@ in {
fastcgi_read_timeout 120s; fastcgi_read_timeout 120s;
''; '';
}; };
"~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = '' "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = ''
try_files $uri/ =404; try_files $uri/ =404;
index index.php; index index.php;
''; '';
"~ \\.(?:css|js|woff|svg|gif)$".extraConfig = '' "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off; access_log off;
''; '';
"~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = '' "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
try_files $uri /index.php$uri$is_args$args; try_files $uri /index.php$request_uri;
access_log off; access_log off;
''; '';
}; };
@ -483,10 +476,12 @@ in {
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
error_page 403 /core/templates/403.php; error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php; error_page 404 /core/templates/404.php;
client_max_body_size ${cfg.maxUploadSize}; client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
gzip on; gzip on;
gzip_vary on; gzip_vary on;
gzip_comp_level 4; gzip_comp_level 4;