server { listen [::]:80; listen 80; server_name cloud.wojciechkozlowski.eu; location ^~ /.well-known { allow all; root /var/www/html; } location / { return 301 https://$server_name$request_uri; } } server { listen [::]:8443 ssl proxy_protocol; listen 8443 ssl proxy_protocol; server_name cloud.wojciechkozlowski.eu; ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/chain.pem; set_real_ip_from {{ services_all_services.rproxy.inet_address }}; set_real_ip_from {{ services_all_services.rproxy.inet6_address }}; set_real_ip_from {{ services_all_services.lrproxy.inet_address }}; set_real_ip_from {{ services_all_services.lrproxy.inet6_address }}; real_ip_header proxy_protocol; # Values copied and adjusted from # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html. client_max_body_size 0; client_body_timeout 3600s; client_body_buffer_size 512k; # Redirect rules copied from # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html. location ^~ /.well-known { location = /.well-known/webfinger { return 301 $scheme://$host:443/index.php$uri; } location = /.well-known/nodeinfo { return 301 $scheme://$host:443/index.php$uri; } location = /.well-known/carddav { return 301 $scheme://$host:443/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:443/remote.php/dav; } } location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://pod-cloud; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }