Updates for the nginx community configuration

tom42 · August 9, 2020, 4:02pm

Hey,

unfortunately i can’t edit the Nginx documentation (Unofficial (Community) ) anymore as it is locked. Hope some one of the @moderators team could do the following edits to that posting:

Today i have learned that the next ownCloud version (i think 10.5.1 or 10.6.0) will block some additional files for security reasons with https://github.com/owncloud/core/pull/37735.

I think the same could / should be applied to the nginx community configuration:

For the “ownCloud in the web root of Nginx” config the following:

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

should be replaced with:

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|changelog|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console|core/skeleton/) {
        return 404;
    }
    location ~ ^/core/signature\.json {
        return 404;
    }

and for the “ownCloud in a subdirectory of Nginx” config the following:

        location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }

should be replaced with:

        location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|changelog|data)/ {
            return 404;
        }
        location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console|core/skeleton/) {
            return 404;
        }
        location ~ ^/owncloud/core/signature\.json {
            return 404;
        }

tom42 · August 9, 2020, 4:23pm

I’m also not sure about the SSL configuration because i think CSS and Javascript error over HTTPS with nginx could be related to it but i’m too inexperienced with SSL to say something about that.

dmitry · August 10, 2020, 8:20am

I will open up the thread and close it as soon as you are done editing

tom42 · September 5, 2020, 9:17am

Hey,

sorry took me a while to check / get back to this forums. Thanks for re-opening the topic, unfortunately it seems that after opening the topic i’m still not able to edit the topic there. :-/

dmitry · September 7, 2020, 2:02pm

I updated your post. Hope I didn’t miss anything.

tom42 · September 9, 2020, 1:45pm

Nice, thank you very much for handling my request to update the config. The changes looks good from my PoV.

I’m only not sure about the following:

but maybe some one else of the community can share some knowledge about this.

tom42 · March 13, 2021, 9:26am

Hey @dmitry,

i think i have found a problem in the nginx config and i would be happy if it could be updated.

Instead of:

oc[sm]-provider/.+||core/templates/40[34])

it should be (without the doubled ||):

oc[sm]-provider/.+|core/templates/40[34])

eneubauer · March 15, 2021, 9:48am

I’ve done it, let me know if there’s anything else.