diff --git a/CT-Build/Alpine.yaml b/CT-Build/Alpine.yaml index c965e80..edcdefd 100644 --- a/CT-Build/Alpine.yaml +++ b/CT-Build/Alpine.yaml @@ -1,6 +1,6 @@ image: distribution: "alpinelinux" - release: "3.18" + release: "3.19" source: downloader: alpinelinux-http @@ -494,6 +494,8 @@ packages: - php82-gmp - php82-sysvsem - php82-exif + - php82-bz2 + - php82-sodium - libpng - zlib - imagemagick diff --git a/CT-Files/nextcloud/Configs/nginx.conf b/CT-Files/nextcloud/Configs/nginx.conf index a1af002..d1882ad 100644 --- a/CT-Files/nextcloud/Configs/nginx.conf +++ b/CT-Files/nextcloud/Configs/nginx.conf @@ -13,7 +13,7 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; - server_tokens off; + server_tokens on; client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 8m; @@ -25,6 +25,12 @@ http { access_log off; error_log /var/log/nginx/error.log; #Server config for Nextcloud + + map $arg_v $asset_immutable { + "" ""; + default "immutable"; + } + server { listen 80 default_server; listen [::]:80 default_server; @@ -59,7 +65,22 @@ http { gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + client_body_buffer_size 512k; + fastcgi_hide_header X-Powered-By; + + include mime.types; + types { + text/javascript mjs; + } + + index index.php index.html /index.php$request_uri; + + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + } location = /robots.txt { allow all; @@ -68,25 +89,19 @@ http { } location ^~ /.well-known { - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - location ^~ /.well-known { return 301 /index.php$uri; } - try_files $uri $uri/ =404; + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + return 301 /index.php$request_uri; } - location / { - rewrite ^ /index.php; - } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + location ~ \.php(?:$|/) { + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; @@ -95,23 +110,16 @@ http { fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; - fastcgi_pass unix:/run/php-fpm82/php-fpm.sock; + fastcgi_pass unix:/run/php-fpm82/php-fpm.sock; fastcgi_intercept_errors on; fastcgi_request_buffering off; + fastcgi_max_temp_file_size 0; } - location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { + # Serve static files + location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header Referrer-Policy "no-referrer" always; - add_header X-Download-Options "noopen" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; + add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; location ~ \.wasm$ { default_type application/wasm; @@ -124,9 +132,12 @@ http { access_log off; } - location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { - try_files $uri /index.php$request_uri; - access_log off; + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; } } } \ No newline at end of file diff --git a/Scripts/AlpineUpdatePHPVer.sh b/Scripts/AlpineUpdatePHPVer.sh new file mode 100644 index 0000000..8074abe --- /dev/null +++ b/Scripts/AlpineUpdatePHPVer.sh @@ -0,0 +1,12 @@ +#!/bin/bash +#Vars + +#Goto ProjectRoot +cd "$( cd "$( dirname "$0" )" &> /dev/null && pwd )/.." + +read -p "Old PHP version (example 82): " OldPHPVer +read -p "New PHP version (example 83): " NewPHPVer + +sed -e -i "s/php$OldPHPVer/php$NewPHPVer/g" ./CT-Build/Alpine.yaml + +find ./CT-Files -name '*' | xargs sed -i -e "s/php-fpm$OldPHPVer/php-fpm$NewPHPVer/g" -e "s/php$OldPHPVer/php$NewPHPVer/g"