Revamped build process
This commit is contained in:
parent
b9f4dee100
commit
4a15a0d63b
|
@ -1,7 +0,0 @@
|
|||
FROM nginx:alpine
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
RUN set -x ; \
|
||||
addgroup -g 82 -S www-data ; \
|
||||
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
|
28
README.md
28
README.md
|
@ -1,2 +1,28 @@
|
|||
# Description
|
||||
This is an image based on official [nginx:alpine](https://hub.docker.com/_/nginx/). It adds the recommended ```nginx.conf``` and the ```www-data (82:82)``` user for Nextcloud fpm-alpine.
|
||||
This is an image based on official [nginx](https://hub.docker.com/_/nginx/). It adds the recommended ```nginx.conf``` and the ```www-data (82:82)``` user for Nextcloud fpm-alpine.
|
||||
|
||||
# Tags
|
||||
These are the currently available tags:
|
||||
|
||||
```
|
||||
1.27-alpine
|
||||
1.27-alpine-slim
|
||||
1.27-bookworm
|
||||
1.26-alpine
|
||||
1.26-alpine-slim
|
||||
1.26-bookwork
|
||||
mainline-alpine
|
||||
mainline-alpine-slim
|
||||
mainline-bookwork
|
||||
stable-alpine
|
||||
stable-alpine-slim
|
||||
stable-bookworm
|
||||
```
|
||||
|
||||
Plus the specific tagged versions, if needed for reverting. You can check those out in the tag history.
|
||||
|
||||
# Source
|
||||
https://git.belmankraul.com/docker/nginx-nextcloud
|
||||
|
||||
# Issues
|
||||
For issues or questions, visit https://git.belmankraul.com/docker/nginx-nextcloud
|
104
build
104
build
|
@ -1,7 +1,99 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
docker pull nginx:alpine
|
||||
docker build $1\
|
||||
-t bkraul/nginx-nextcloud:latest \
|
||||
-t bkraul/nginx-nextcloud:alpine \
|
||||
.
|
||||
# use this as: PUSH=0 ./build ... in order to set the variable. default is PUSH=1
|
||||
PUSH=${PUSH:-1}
|
||||
# use this as: FORCE=1 ./build ... in order to set the variable. default is FORCE=0
|
||||
FORCE=${FORCE:-0}
|
||||
|
||||
if [ ! "$1" == "" ]; then
|
||||
IMAGE_VERSION=$1
|
||||
else
|
||||
echo "No nginx version specified."
|
||||
echo "Avaiilable versions: 1.26, 1.27, mainline, stable"
|
||||
echo "Exiting (1)."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! "$2" == "" ]; then
|
||||
VARIANTS=$2
|
||||
else
|
||||
VARIANTS=("alpine" "alpine-slim" "bookworm")
|
||||
fi
|
||||
|
||||
# set username and password
|
||||
# requires vars DOCKER_USER and DOCKER_PASS to be defined before calling.
|
||||
# useful functions.
|
||||
function docker_tag_exists() {
|
||||
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${DOCKER_USER}'", "password": "'${DOCKER_PASS}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
|
||||
curl --silent -f --head -lL https://hub.docker.com/v2/repositories/$1/tags/$2/ > /dev/null
|
||||
}
|
||||
|
||||
for item in "${!VARIANTS[@]}"
|
||||
do
|
||||
IMAGE_VARIANT=${VARIANTS[$item]}
|
||||
UPSTREAM_IMAGE=nginx
|
||||
UPSTREAM_IMAGE_TAG=${IMAGE_VERSION}-${IMAGE_VARIANT}
|
||||
IMAGE=bkraul/nginx-nextcloud
|
||||
|
||||
echo "Building nginx-nextcloud ${IMAGE_VERSION}, variant: ${IMAGE_VARIANT}..."
|
||||
|
||||
# pull the parent image from docker hub.
|
||||
echo "Pulling upstream image ${UPSTREAM_IMAGE}:${UPSTREAM_IMAGE_TAG}..."
|
||||
docker pull ${UPSTREAM_IMAGE}:${UPSTREAM_IMAGE_TAG} > /dev/null
|
||||
UPSTREAM_ID=$(docker image inspect --format='{{index .Id}}' ${UPSTREAM_IMAGE}:${UPSTREAM_IMAGE_TAG})
|
||||
UPSTREAM_ID=${UPSTREAM_ID:7}
|
||||
|
||||
# get the version number.
|
||||
NGINX_VERSION=$(docker inspect ${UPSTREAM_IMAGE}:${UPSTREAM_IMAGE_TAG} | jq -r '.[].Config.Env[] | select(match("^NGINX_VERSION"))')
|
||||
echo "Returned nginx version: ${NGINX_VERSION}"
|
||||
NGINX_VERSION=${NGINX_VERSION:14}
|
||||
IMAGE_TAG=${NGINX_VERSION}-${IMAGE_VARIANT}
|
||||
|
||||
if docker_tag_exists ${IMAGE} ${IMAGE_TAG}; then
|
||||
# nothing to do, the image already exists.
|
||||
echo Image ${IMAGE}:${IMAGE_TAG} already exists.
|
||||
echo "----------------------------"
|
||||
if [ $FORCE == 0 ]; then continue; fi
|
||||
fi
|
||||
|
||||
# determine the common files to use.
|
||||
# Dockerfile
|
||||
DOCKERFILE_DIR="./build-common/dockerfile"
|
||||
DOCKERFILE=""
|
||||
if [ -f "${DOCKERFILE_DIR}/Dockerfile" ]; then DOCKERFILE="${DOCKERFILE_DIR}/Dockerfile"; fi
|
||||
if [ -f "${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VERSION}" ]; then DOCKERFILE="${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VERSION}"; fi
|
||||
if [ -f "${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VARIANT}" ]; then echo "Image variant"; DOCKERFILE="${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VARIANT}"; fi
|
||||
if [ -f "${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VARIANT}-${IMAGE_VERSION}" ]; then DOCKERFILE="${DOCKERFILE_DIR}/Dockerfile-${IMAGE_VARIANT}-${IMAGE_VERSION}"; fi
|
||||
|
||||
# if no valid Dockerfile is found, we abort current build and go to next variant if available.
|
||||
if [ "${DOCKERFILE}" = "" ]; then echo "No valid Dockerfile found."; continue; fi
|
||||
|
||||
# image doesn't exist we need build and push
|
||||
echo Image ${IMAGE}:${IMAGE_TAG} does not exist.
|
||||
echo "Building image(s)..."
|
||||
|
||||
docker build \
|
||||
--file ${DOCKERFILE} \
|
||||
--no-cache \
|
||||
-t ${IMAGE}:${UPSTREAM_IMAGE_TAG} \
|
||||
-t ${IMAGE}:${IMAGE_TAG} \
|
||||
--build-arg BASE_IMAGE="${UPSTREAM_IMAGE}:${UPSTREAM_IMAGE_TAG}" \
|
||||
--progress plain \
|
||||
./build-common
|
||||
|
||||
if [ $? == 0 ]; then
|
||||
# don't push if specified so (continue the variant loop).
|
||||
if [ ${PUSH} == 0 ]; then
|
||||
echo "----------------------------"
|
||||
continue;
|
||||
fi
|
||||
|
||||
echo "Pushing image(s)..."
|
||||
docker push ${IMAGE}:${IMAGE_TAG}
|
||||
docker push ${IMAGE}:${UPSTREAM_IMAGE_TAG}
|
||||
else
|
||||
echo "The build operation failed."
|
||||
echo "Please debug and try again."
|
||||
fi
|
||||
echo "----------------------------"
|
||||
done
|
||||
|
|
205
build-common/conf/nginx.conf
Normal file
205
build-common/conf/nginx.conf
Normal file
|
@ -0,0 +1,205 @@
|
|||
user www-data;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server app:9000;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default "immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 5G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Add .mjs as a file extension for javascript
|
||||
# Either include it in the default mime.types list
|
||||
# or include you can include that list explicitly and add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
}
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
#fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
|
||||
location ~ \.wasm$ {
|
||||
default_type application/wasm;
|
||||
}
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
||||
}
|
11
build-common/dockerfile/Dockerfile
Normal file
11
build-common/dockerfile/Dockerfile
Normal file
|
@ -0,0 +1,11 @@
|
|||
# retrieve the base image (default to latest).
|
||||
ARG BASE_IMAGE="nginx:alpine"
|
||||
|
||||
FROM ${BASE_IMAGE}
|
||||
LABEL org.opencontainers.image.authors="Belman Kraul <bkraul@gmail.com>"
|
||||
|
||||
COPY conf/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
RUN set -x ; \
|
||||
addgroup -g 82 -S www-data ; \
|
||||
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
|
14
build-common/dockerfile/Dockerfile-bookworm
Normal file
14
build-common/dockerfile/Dockerfile-bookworm
Normal file
|
@ -0,0 +1,14 @@
|
|||
# retrieve the base image (default to latest).
|
||||
ARG BASE_IMAGE="nginx:mainline-bookworm"
|
||||
|
||||
FROM ${BASE_IMAGE}
|
||||
LABEL org.opencontainers.image.authors="Belman Kraul <bkraul@gmail.com>"
|
||||
|
||||
COPY conf/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
RUN set -x ; \
|
||||
usermod -u 82 www-data; \
|
||||
groupmod -g 82 www-data && exit 0; exit 1
|
||||
|
||||
#addgroup -g 82 -S www-data ; \
|
||||
#adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
|
163
nginx.conf
163
nginx.conf
|
@ -1,163 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 192.168.0.0/16;
|
||||
real_ip_header X-Real-IP;
|
||||
|
||||
#gzip on;
|
||||
|
||||
upstream php-handler {
|
||||
server app:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer always;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
try_files $fastcgi_script_name =404;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
# fastcgi_param HTTPS on;
|
||||
#Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff|svg|gif)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$uri$is_args$args;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
4
push
4
push
|
@ -1,4 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
docker push bkraul/nginx-nextcloud:latest
|
||||
docker push bkraul/nginx-nextcloud:alpine
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
docker push docker-registry.belmankraul.com/bkraul/nginx-nextcloud:latest
|
||||
docker push docker-registry.belmankraul.com/bkraul/nginx-nextcloud:alpine
|
||||
|
Loading…
Reference in New Issue
Block a user