Merge branch 'master' into patch-1

2026-04-27 00:00:25 +08:00 · 2022-04-28 10:49:55 -04:00 · 2022-04-28 10:49:55 -04:00 · dbf0bd26aa
commit dbf0bd26aa
parent bdcc10185a 89f927edea
4 changed files with 33 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -257,6 +257,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64

 ## Versions

+* **14.04.21:** - Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default` and restart the container). Fix LDAP connection.
 * **11.09.21:** - Rebasing to alpine 3.14
 * **21.03.21:** - Publish `php8` tag for testing.
 * **25.02.21:** - Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container).
--- a/package_versions.txt
+++ b/package_versions.txt
@ -29,7 +29,7 @@ fribidi-1.0.10-r0
 gdbm-1.19-r0
 gdk-pixbuf-2.42.6-r0
 ghostscript-9.54.0-r1
-git-2.32.0-r0
+git-2.32.1-r0
 glib-2.68.3-r0
 gmp-6.2.1-r1
 gnu-libiconv-1.16-r0
@ -210,7 +210,7 @@ wayland-libs-client-1.19.0-r0
 x264-libs-20210211-r0
 x265-libs-3.4-r0
 xvidcore-1.3.7-r1
-xz-5.2.5-r0
+xz-5.2.5-r1
 xz-libs-5.2.5-r1
 zlib-1.2.12-r0
 zstd-libs-1.4.9-r1
--- a/readme-vars.yml
+++ b/readme-vars.yml
@ -78,7 +78,8 @@ app_setup_block: |

 # changelog
 changelogs:
-  - { date: "11.09.21:", desc: "Increase OPCache interned strings buffered setting to 16." }
+  - { date: "28.04.22:", desc: "Increase OPCache interned strings buffered setting to 16." }
+  - { date: "14.04.22:", desc: "Nginx default site config updated for v23 (existing users should delete `/config/nginx/site-confs/default` and restart the container). Fix LDAP connection." }
  - { date: "11.09.21:", desc: "Rebasing to alpine 3.14" }
  - { date: "21.03.21:", desc: "Publish `php8` tag for testing." }
  - { date: "25.02.21:", desc: "Nginx default site config updated for v21 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." }
--- a/root/defaults/default
+++ b/root/defaults/default
@ -27,6 +27,7 @@ server {

    # set max upload size
    client_max_body_size 512M;
+    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
@ -35,7 +36,7 @@ server {
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
@ -85,25 +86,32 @@ server {
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
-        # The following 6 rules are borrowed from `.htaccess`
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.

-        location = /.well-known/carddav     { return 301 /remote.php/dav/; }
-        location = /.well-known/caldav      { return 301 /remote.php/dav/; }
-        # Anything else is dynamically handled by Nextcloud
-        location ^~ /.well-known            { return 301 /index.php$uri; }
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

-        try_files $uri $uri/ =404;
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

@ -120,12 +128,18 @@ server {

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
    }

-    location ~ \.(?:css|js|svg|gif)$ {
+    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
    }

    location ~ \.woff2?$ {
@ -134,6 +148,11 @@ server {
        access_log off;     # Optional: Don't log access to assets
    }

+    # Rule borrowed from `.htaccess`
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }