server { server_name {{domain}}; {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; # set max upload size client_max_body_size 10G; client_body_buffer_size 400M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; {% include 'roles/native-nginx-docker-proxy/templates/proxy_pass.conf.j2' %} location ^~ /.well-known { rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; rewrite ^/\.well-known/host-meta /public.php?service=host-meta last; rewrite ^/\.well-known/webfinger /public.php?service=webfinger last; rewrite ^/\.well-known/nodeinfo /public.php?service=nodeinfo last; location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } try_files $uri $uri/ =404; } }