Beiträge von mpbtwok

ssl_ciphers 'MIIDMjCCAhoCCQDj1/RgLVgxzDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQIDAJD
QTERMA8GA1UEBwwIQ2FybHNiYWQxFzAVBgNVBAoMDkxpbnV4c2VydmVyLmlvMRQw
EgYDVQQLDAtMU0lPIFNlcnZlcjEKMAgGA1UEAwwBKjAeFw0xODAxMTIyMDQ1MDla
Fw0yODAxMTAyMDQ1MDlaMFsxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2Jh
ZDEXMBUGA1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVy
MQowCAYDVQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4rT
nbga4kHCXI5hLB0yBj0PSGRTbFUFzC0vb9gAnJ6ZZny8lgYNNjBZVF15r/9rt7x9
xWMXaxIVA/G1gufYIwiTLtfgocu/Pf+FZ2QuV6zoq9AYtcapVcqPyzSIM0Gx0mmd
VS9Zbb1VKXeO0MD4AIzjnfMpOMeoy/XrJOdsheW418GZAHe7CN1Lf6K8FQmK/s/W
zwG/9jMrXoQ2NZTlG8QRe+yq0MJAXNmiIscod0BTtIJ5yu+c1jXal+bOkqzwwT/U
AHSixt879jS8i8Vqs2Rj5LsX5vwV6OSxHECtwZ4GIRXPv1c92qrGD/2YmK17fs1Y
4mXrpJnUprwrvTW0NwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBFI6EuTSOlJCfx
cyqTGcl+0C7IWEF7jysUAvl9yvZrbMDIIk7lAkdfrwMYhfLp9CfvWGyAe6XNKLPT
SUOP1o3DZQfPjebbBFntI3vqjpKJn6LC9EP42H7ZoZ2LQTs1SHgIS3yxUm8FOsd1
l/8D//JjsYpd63aSDMDgJucOAbZrrIN1T+V+FvZwYPtTvZIiW9yhCV1KEhN7TwUY
pXKyeTXZY6oin0viYebM5aCuFqO2HYLRCDkrJrhamvKkjW86O69AI8kiJUC3ciar
ObwRBmJiB1fhZ5i9FpW8N8NPBQ2e3rNm9etoaJbw5edxmAfbhNYlQzLWDyeLlIKF
JD4d+HsS';

upstream backend {
	server 192.168.0.99:19999;
	keepalive 64;
}


server {
	listen 443 ssl default_server;
	listen 80 default_server;
	root /config/www;
	index index.html index.htm index.php;


	server_name _;


	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;


	client_max_body_size 0;


	location = / {
		return 301;
	}
	location / {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.0.99:1316/;
	}
}
server {
	listen 443 ssl;
	listen 80;
	root /config/www;
	index index.html index.htm index.php;


	server_name cloud.domain.com;


	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;


	client_max_body_size 0;


	location = / {
		return 301;
	}
	location / {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.0.99:1317/;
	}
}
server {
	listen 443 ssl;
	listen 80;
	root /config/www;
	index index.html index.htm index.php;


	server_name guacamole.domain.com;


	ssl_certificate /config/keys/letsencrypt/fullchain.pem;
	ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;


	client_max_body_size 0;


	location = / {
		return 301;
	}
	location / {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.0.99:1317/;
	}
}

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '123',
  'passwordsalt' => '123',
  'secret' => '123',
  'trusted_domains' => 
  array (
    0 => '192.168.0.99:13164',
    1 => 'cloud.domain.com',
	2 => 'domain.com',
  ),
'trusted_proxies' => '192.168.0.99',
'overwritewebroot' => '/',
'overwrite.cli.url' => '/',
  'dbtype' => 'sqlite3',
  'version' => '13.0.0.14',
  'installed' => true,
);

upstream php-handler {
  server 127.0.0.1:9000;
# server unix:/var/run/php/php7.0-fpm.sock;
}


server {
  listen 80;
  server_name _;
  # enforce https
  return 301 https://$server_name$request_uri;
}


server {
  listen 443 ssl;
  server_name _;


  ssl_certificate /config/keys/cert.crt;
  ssl_certificate_key /config/keys/cert.key;


  # Add headers to serve security related headers
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  # add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;


  # Path to the root of your installation
  root /config/www/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;


  # Disable gzip to avoid the removal of the ETag header
  gzip off;


  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;


  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;


  rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  rewrite ^/.well-known/caldav /remote.php/dav/ permanent;


  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;


  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }


  location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }


  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }


  location / {


    rewrite ^/remote/(.*) /remote.php last;


    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;


    try_files $uri $uri/ =404;
  }


  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }


  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't [definition='1','0']log[/definition] access to assets
    access_log off;
  }


  # Optional: Don't [definition='1','0']log[/definition] access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}