Merge pull request #244 from NobleKangaroo/fix-legacy-support

Fix LDAP module (legacy AJAX endpoints)
2026-02-19 23:03:50 +08:00 · 2022-04-14 09:37:35 -04:00 · 2022-04-14 09:37:35 -04:00 · 73cf6c6607
commit 73cf6c6607
parent afc7a69ccc 7b436bd63e
2 changed files with 29 additions and 9 deletions
--- a/readme-vars.yml
+++ b/readme-vars.yml
@ -78,6 +78,7 @@ app_setup_block: |

 # changelog
 changelogs:
+  - { date: "14.04.21:", desc: "Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default` and restart the container). Fix LDAP connection." }
  - { date: "11.09.21:", desc: "Rebasing to alpine 3.14" }
  - { date: "21.03.21:", desc: "Publish `php8` tag for testing." }
  - { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." }
--- a/root/defaults/default
+++ b/root/defaults/default
@ -27,6 +27,7 @@ server {

    # set max upload size
    client_max_body_size 512M;
+    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
@ -35,7 +36,7 @@ server {
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
@ -85,25 +86,32 @@ server {
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
-        # The following 6 rules are borrowed from `.htaccess`
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.

-        location = /.well-known/carddav     { return 301 /remote.php/dav/; }
-        location = /.well-known/caldav      { return 301 /remote.php/dav/; }
-        # Anything else is dynamically handled by Nextcloud
-        location ^~ /.well-known            { return 301 /index.php$uri; }
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

-        try_files $uri $uri/ =404;
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

@ -120,12 +128,18 @@ server {

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
    }

-    location ~ \.(?:css|js|svg|gif)$ {
+    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
    }

    location ~ \.woff2?$ {
@ -134,6 +148,11 @@ server {
        access_log off;     # Optional: Don't log access to assets
    }

+    # Rule borrowed from `.htaccess`
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }