computer-playbook/roles/web-app-nextcloud/templates/proxy.conf.j2

server
{
  server_name {{ domain }};

  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}

  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}

  # Remove X-Powered-By, which is an information leak
  fastcgi_hide_header X-Powered-By;

  # Set X-Robots-Tag to noindex, nofollow on all responses
  add_header X-Robots-Tag "noindex, nofollow";

  # set max upload size
  client_max_body_size 10G;
  client_body_buffer_size 400M;
  fastcgi_buffers 64 4K;

  {% if NEXTCLOUD_HPB_SIGNALING_ENABLED | bool %}
    {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_HPB_SIGNALING_LOCATION %}
    {% set webserver_websocket_port     = NEXTCLOUD_PORT %}
    {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
  {% endif %}

  {% if NEXTCLOUD_WHITEBOARD_ENABLED | bool %}
    {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_WHITEBOARD_LOCATION %}
    {% set webserver_websocket_port     = NEXTCLOUD_PORT %}
    {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
  {% endif %}

  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}

  location ^~ /.well-known {
    rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;
    rewrite ^/\.well-known/host-meta        /public.php?service=host-meta       last;
    rewrite ^/\.well-known/webfinger        /public.php?service=webfinger       last;
    rewrite ^/\.well-known/nodeinfo         /public.php?service=nodeinfo        last;

    location = /.well-known/carddav     { return 301 /remote.php/dav/; }
    location = /.well-known/caldav      { return 301 /remote.php/dav/; }
    location = /.well-known/webfinger    { return 301 /index.php/.well-known/webfinger; }
    location = /.well-known/nodeinfo     { return 301 /index.php/.well-known/nodeinfo; }

    try_files $uri $uri/ =404;
  }
}