> On 17. May 2019, at 21:33, Stefan Sperling <s...@stsp.name> wrote:
> 
>> On Fri, May 17, 2019 at 06:11:08PM +0200, Bruno Flueckiger wrote:
>> @@ -48,23 +48,27 @@ server "domain.tld" {
>>        key "/etc/ssl/private/domain.tld_private.pem"
>>    }
>> 
>> +    directory index index.php
>> +
>>    # First deny access to the specified files
>> -    location "/.ht*"                { block }
>> -    location "/.user*"              { block }
>> -    location "/3rdparty*"           { block }
>> -    location "/README"              { block }
>> -    location "/autotest*"           { block }
>> -    location "/build*"              { block }
>> -    location "/config*"             { block }
>> -    location "/console*"            { block }
>> -    location "/data*"               { block }
>> -    location "/db_*"                { block }
>> -    location "/indie*"              { block }
>> -    location "/issue*"              { block }
>> -    location "/lib*"                { block }
>> -    location "/occ*"                { block }
>> -    location "/templates*"          { block }
>> -    location "/tests*"              { block }
>> +    location "/nextcloud/.ht*"      { block }
>> +    location "/nextcloud/.user*"    { block }
>> +    location "/nextcloud/3rdparty*" { block }
>> +    location "/nextcloud/AUTHORS"   { block }
>> +    location "/nextcloud/COPYING"   { block }
>> +    location "/nextcloud/config*"   { block }
>> +    location "/nextcloud/console*"  { block }
>> +    location "/nextcloud/data*"     { block }
>> +    location "/nextcloud/lib*"      { block }
>> +    location "/nextcloud/occ*"      { block }
>> +
>> +    location "/.well-known/caldav" {
>> +        block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav";
>> +        }
>> +
>> +        location "/.well-known/carddav" {
>> +        block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav";
>> +        }
>> 
>>    location "/*.php*" {
>>        root "/nextcloud"
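Review bot: The rewritten deny rules match only paths under `/nextcloud/`, yet the unchanged context right after them still has `location "/*.php*"` with `root "/nextcloud"`, so if the tree stays reachable without the prefix, requests such as `/config/...` or `/data/...` would no longer hit any `block` rule. That location's body continues outside the hunk, so this cannot be confirmed from here; either scope that location to the prefix as well or keep the un-prefixed denies, e.g. `location "/data*" { block }` and `location "/config*" { block }`. Separately, the two `.well-known` redirects end in `;`, which no other directive in this hunk uses, and the `carddav` location is indented one level too deep; I would write `block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav"` and align both blocks with the rest.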
> 
> It is possible to run nextcloud with a block-by-default ruleset policy.
> For example:
> 
>        block drop
> 
>    # Ensure that no '*.php*' files can be fetched from these directories
>    location "/nextcloud/config/*" {
>        block drop
>    }
>    location "/nextcloud/data/*" {
>        block drop
>    }
> 
>    # Note that this matches "*.php*" anywhere in the request path.
>    location "/nextcloud/*.php*" {
>        root "/nextcloud"
>        request strip 1
>        fastcgi socket "/run/php-fpm.sock"
>        pass
>    }
> 
>    location "/nextcloud/apps/*" {
>        root "/nextcloud"
>        request strip 1
>        pass
>    }
> 
>    location "/nextcloud/core/*" {
>        root "/nextcloud"
>        request strip 1
>        pass
>    }
> 
>    location "/nextcloud/settings/*" {
>        root "/nextcloud"
>        request strip 1
>        pass
>    }
> 
>    location "/nextcloud" {
>        block return 301 "$DOCUMENT_URI/index.php"
>    }
> 
>    location "/nextcloud/" {
>        block return 301 "$DOCUMENT_URI/index.php"
>    }

A diff would be nice, I like a simpler version of httpd.conf.
