nextcloud-aws/roles/nextcloud/files/nginx.conf

# Run as a less privileged user for security reasons.
user nginx;

# #worker_threads to run;
# "auto" sets it to the #CPU_cores available in the system, and
# offers the best performance.
worker_processes    auto;

events { worker_connections 1024; }

http {

    server {
        listen 80;
        server_name cloud.stoopid.club;
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }

    }

    server {
        # Hide nginx version information.
        server_tokens off;

        listen  443 ssl default_server;

        server_name cloud.stoopid.club;

        root    /usr/share/nginx/html;
        include /etc/nginx/mime.types;

        ssl_certificate /etc/letsencrypt/live/cloud.stoopid.club/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cloud.stoopid.club/privkey.pem;

        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

#        location / {
#            try_files $uri $uri/ /index.html;
#        }

        gzip            on;
        gzip_vary       on;
        gzip_http_version  1.0;
        gzip_comp_level 5;
        gzip_types
                        application/atom+xml
                        application/javascript
                        application/json
                        application/rss+xml
                        application/vnd.ms-fontobject
                        application/x-font-ttf
                        application/x-web-app-manifest+json
                        application/xhtml+xml
                        application/xml
                        font/opentype
                        image/svg+xml
                        image/x-icon
                        text/css
                        text/plain
                        text/x-component;
        gzip_proxied    no-cache no-store private expired auth;
        gzip_min_length 256;
        gunzip          on;

        location @nextcloud {
            proxy_pass http://nextcloud;
        }

        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;

            client_max_body_size  0; # default is 1M

            proxy_connect_timeout 10m;
            proxy_send_timeout    10m;
            proxy_read_timeout    10m;
            send_timeout          10m;

            try_files /dev/null @nextcloud;
        }
    }

    include /etc/nginx/conf.d/*.conf;

}