File nextcloud.http.config.inc of Package nextcloud

# Per-directory settings for the Nextcloud installation root.
# @NC_DIR@ is a placeholder; presumably it is replaced with the real install
# path when the package is built.
<Directory "@NC_DIR@">
  # FollowSymLinks is needed for mod_rewrite rules in per-directory context;
  # -Indexes turns off auto-generated directory listings.
  Options +FollowSymLinks -Indexes
  # .htaccess files under this directory are ignored. The rules Nextcloud ships
  # in its own .htaccess therefore have no effect here and are mirrored in this
  # file instead, so they need to be re-checked against upstream on upgrades.
  AllowOverride None
  AddDefaultCharset utf-8

  # Access control: Apache 2.4 syntax (mod_authz_core) followed by the legacy
  # 2.2-style syntax (mod_access_compat).
  # NOTE(review): when both modules are loaded both sections take effect; the
  # httpd documentation discourages mixing the two styles. Confirm this is intended.
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from all
    Satisfy All
  </IfModule>

  # config taken from nextcloud/.htaccess
  <IfModule mod_headers.c>
    # Copy the request's Authorization header into an environment variable or a
    # substitute request header for the fcgid, proxy_fcgi and lsapi handlers,
    # presumably because PHP does not otherwise see the header under them.
    # The copied value is the client's credential: keep it out of access-log
    # formats and out of any page that dumps the request environment.
    <IfModule mod_setenvif.c>
      <IfModule mod_fcgid.c>
         SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
         RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
      </IfModule>
      <IfModule mod_proxy_fcgi.c>
         SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
      </IfModule>
      <IfModule mod_lsapi.c>
        SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
        RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
      </IfModule>
    </IfModule>

    <IfModule mod_env.c>
      # Add security and privacy related headers

      # Avoid doubled headers by unsetting headers in "onsuccess" table,
      # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
      # Each unset/set pair below must stay together and in this order.

      # Do not send a Referer header on requests that leave this site.
      Header onsuccess unset Referrer-Policy
      Header always set Referrer-Policy "no-referrer"

      # Stop browsers from guessing a content type other than the declared one.
      Header onsuccess unset X-Content-Type-Options
      Header always set X-Content-Type-Options "nosniff"

      # Allow framing by same-origin pages only (clickjacking protection).
      Header onsuccess unset X-Frame-Options
      Header always set X-Frame-Options "SAMEORIGIN"

      # Refuse Flash/PDF cross-domain policy files.
      Header onsuccess unset X-Permitted-Cross-Domain-Policies
      Header always set X-Permitted-Cross-Domain-Policies "none"

      # Ask crawlers not to index or follow links. Advisory only, not access control.
      Header onsuccess unset X-Robots-Tag
      Header always set X-Robots-Tag "noindex, nofollow"

      # Legacy header: current browsers no longer ship the XSS filter it controlled,
      # so it is not a substitute for a Content-Security-Policy.
      Header onsuccess unset X-XSS-Protection
      Header always set X-XSS-Protection "1; mode=block"

      # HSTS: max-age=15768000 is roughly six months. includeSubDomains extends the
      # policy to every subdomain of the serving host and "preload" signals consent
      # to browser preload lists, so the effect reaches beyond this directory.
      # Browsers honour the header on HTTPS responses only.
      # NOTE(review): confirm every subdomain is HTTPS-only before keeping this default.
      Header onsuccess unset Strict-Transport-Security
      Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

      # Presumably read by Nextcloud to detect that the web server already sets
      # these headers - TODO confirm.
      SetEnv modHeadersAvailable true
    </IfModule>

    # Add cache control for static resources
    # max-age=15778463 is about six months. "immutable" is added only when the
    # query string carries a v= parameter, i.e. the URL is versioned.
    <FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)$">
      <If "%{QUERY_STRING} =~ /(^|&)v=/">
        Header set Cache-Control "max-age=15778463, immutable"
      </If>
      <Else>
        Header set Cache-Control "max-age=15778463"
      </Else>
    </FilesMatch>

    # Let browsers cache WOFF files for a week
    <FilesMatch "\.woff2?$">
      Header set Cache-Control "max-age=604800"
    </FilesMatch>
  </IfModule>

  # Per-directory rewrite rules. In this context mod_rewrite strips the directory
  # prefix, including the leading slash, before matching a pattern.
  <IfModule mod_rewrite.c>
    RewriteEngine on

    # A RewriteCond applies only to the RewriteRule that follows it, so the
    # remote/ rewrite below fires only for user agents containing "DavClnt".
    # NOTE(review): verify against the upstream .htaccess that this pairing is intended.
    RewriteCond %{HTTP_USER_AGENT} DavClnt
    RewriteRule ^remote/(.*) remote.php [QSA,L]
    # Answer 404 for internal source, test and configuration directories.
    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
    # NOTE(review): with the prefix stripped, a pattern starting with "^/" is not
    # expected to match in <Directory> context; confirm whether "^\.well-known/"
    # was meant. The negative lookahead excludes the ACME and PKI validation paths.
    RewriteRule ^/\.well-known/(?!acme-challenge|pki-validation) index.php [QSA,L]
    RewriteRule ^ocm-provider/?$ index.php [QSA,L]
    # Answer 404 for dotfiles (except .well-known) and for paths starting with
    # autotest, occ, issue, indie, db_ or console.
    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
  </IfModule>

  # Export the install directory as HOME and HTTP_HOME to the request environment.
  SetEnv HOME @NC_DIR@
  SetEnv HTTP_HOME @NC_DIR@
</Directory>

# config taken from nextcloud/config/.htaccess
<Directory "@NC_DIR@/config/">
  # Deny all web access to the configuration directory.
  # The parent <Directory "@NC_DIR@"> sets AllowOverride None, so the .htaccess
  # shipped in config/ is not read; this block is the protection that applies.
  # Both the 2.4 (Require) and the legacy (Order/Deny) forms deny every client.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule mod_access_compat.c>
    Order Allow,Deny
    Deny from all
    Satisfy All
  </IfModule>
</Directory>

<Directory "@NC_DIR@/data/">
  # Deny all web access to the data directory.
  # The parent <Directory "@NC_DIR@"> sets AllowOverride None, so a .htaccess
  # inside data/ is not read; this block is the protection that applies.
  # NOTE(review): this covers only @NC_DIR@/data/. If the instance keeps its data
  # directory elsewhere under the web root, that path needs its own deny rule.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule mod_access_compat.c>
    Order Allow,Deny
    Deny from all
    Satisfy All
  </IfModule>
</Directory>

# Pull in the mod_php settings when PHP runs as an Apache module. Both branches
# include the same file; only the module identifier differs between PHP versions.
# @APACHE_CONFDIR@ is a placeholder, presumably substituted at package build time.
# The included file is not shown here, so its contents need a separate review.
# PHP 7
<IfModule mod_php7.c>
  Include @APACHE_CONFDIR@/nextcloud.mod_php.inc
</IfModule>
# PHP 8
<IfModule mod_php.c>
  Include @APACHE_CONFDIR@/nextcloud.mod_php.inc
</IfModule>

# Declare content types for SVG and WebAssembly files, and mark .svgz as
# gzip-encoded so browsers decompress it. Correct types matter because the
# Nextcloud directory is served with X-Content-Type-Options "nosniff".
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
</IfModule>

# Serve index.php, then index.html, when a directory URL is requested.
# This block sits outside any <Directory>, so it applies wherever this file is included.
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

# Switch mod_pagespeed off if it is loaded, presumably because its rewriting of
# responses interferes with Nextcloud's assets - TODO confirm.
# NOTE(review): outside any <Directory>, this affects every site in the scope
# that includes this file, not only Nextcloud.
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

# Rewrite rules outside any <Directory>: patterns are matched against the full
# URL-path, which starts with "/".
# The targets hard-code the /nextcloud URL prefix; NOTE(review): confirm it
# matches the Alias under which @NC_DIR@ is published.
# NOTE(review): if this file is included at global scope, virtual hosts do not
# inherit these rules by default.
<IfModule mod_rewrite.c>
  RewriteEngine on
  # Service discovery: send nodeinfo and webfinger lookups to Nextcloud.
  RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
  RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]

  # The RewriteCond applies only to the next rule: user agents containing
  # "DavClnt" are redirected to the WebDAV endpoint.
  # NOTE(review): the URL-path here begins with "/", so "^$" may never match in
  # this context; confirm whether "^/$" was intended.
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /nextcloud/remote.php/webdav/ [L,R=302]
  # Runs for every request: copies the Authorization header into the
  # HTTP_AUTHORIZATION environment variable. The value is the client's credential,
  # so keep it out of log formats and environment dumps.
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  # CalDAV/CardDAV service discovery redirects to the DAV endpoint.
  RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
</IfModule>