nginx example configs: minor suggestions/ideas #1552
Description
This is just a short list of ideas that are IMO too trivial to split into individual issues. None of these exactly fit my area of expertise either; I might be wrong about any or all of them just as easily.
- Currently we are advised to use
gzip off;in nginx configs so that the ETag header isn't lost. An alternative is to usegzip_proxied no_etag;as is described here - Suppressing Log Messages says that the
location = /data/htaccesstest.txtclause should containallow all;. This should bedeny all;because, if access to this file is permitted, there will be a security warning under Security & setup warnings on the Server Settings admin page that says that the data directory is probably reachable from the Internet. - It should be noted that client_max_body_size 512M only configures the upload size from the vantage point of nginx. But as I understand it, php-specific settings could also cause the maximum permitted upload size to be lower. To solve this, I have the following line inside the
locationclause for php files:
fastcgi_param PHP_ADMIN_VALUE "upload_max_filesize = 512M\npost_max_size = 513M";
- Currently we are advised to use HTTP status 301 (moved permanently) for redirects. Personally I prefer 307 (temporary redirect) because in theory this won't cause long lifetimed caches to mess up when something changes. For example, until recently, I had
/.well-known/carddavredirect to/remote.php/carddavwhich apparently is/remote.php/davnow.
Some final thoughts: I hope these points are useful to someone but feel free to shoot holes in them and/or discard this issue in its entirety. I wanted to contribute the above points after running into them while I was updating my own Nextcloud instance, which I only run for a handful of people, me included. I do want to apologize in advance if people consider it careless of me to stick all of these into just one "drive-by issue report" - they didn't really seem like actual issues, and personal circumstances really limit my availability as well.