forked from MichaIng/DietPi
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request MichaIng#2436 from Fourdee/beta
Release v6.19.7 => v6.20.5
- Loading branch information
Showing
91 changed files
with
5,379 additions
and
5,551 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,30 @@ | ||
| # Solve OPcache settings warning on Nextcloud admin panel: | ||
| # Derived from: | ||
| # - Apache: https://github.com/nextcloud/server/blob/master/.htaccess | ||
| # - Nginx: https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html | ||
|
|
||
| $HTTP["url"] =~ "^/nextcloud($|/)" { | ||
| setenv.add-environment += ( | ||
| "PHP_ADMIN_VALUE" => "opcache.memory_consumption=128", | ||
| ) | ||
| } | ||
|
|
||
| # Set "Referrer-Policy" = "no-referrer" security header | ||
| setenv.add-response-header = ( "Referrer-Policy" => "no-referrer" ) | ||
| # Hardening | ||
| # - Directories | ||
| $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)($|/)" { url.access-deny = ("") } | ||
| # - Files | ||
| $HTTP["url"] =~ "^/nextcloud/(\.|autotest|occ|issue|indie|db_|console)" { url.access-deny = ("") } | ||
| # - Directory listing | ||
| dir-listing.active = "disable" | ||
| # - Cache control and security headers for static resources | ||
| $HTTP["url"] =~ "^/nextcloud/.*\.(css|js|woff2?|svg|gif)$" { | ||
| setenv.add-response-header += ( | ||
| "Cache-Control" => "public, max-age=15778463", | ||
| "X-Content-Type-Options" => "nosniff", | ||
| "X-XSS-Protection" => "1; mode=block", | ||
| "X-Robots-Tag" => "none", | ||
| "X-Download-Options" => "noopen", | ||
| "X-Permitted-Cross-Domain-Policies" => "none", | ||
| "Referrer-Policy" => "no-referrer", | ||
| ) | ||
| } | ||
|
|
||
| # Solve OPcache settings warning on Nextcloud admin panel | ||
| setenv.add-environment += ( "PHP_ADMIN_VALUE" => "opcache.memory_consumption=128" ) | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| [core] | ||
| cache_dir = /mnt/dietpi_userdata/mopidy/cache | ||
| config_dir = /etc/mopidy | ||
| data_dir = /mnt/dietpi_userdata/mopidy/data | ||
|
|
||
| [logging] | ||
| config_file = /etc/mopidy/logging.conf | ||
| debug_file = /var/log/mopidy/mopidy.log | ||
|
|
||
| [local] | ||
| media_dir = /mnt | ||
|
|
||
| [file] | ||
| media_dirs = /mnt|Mounts | ||
|
|
||
| [m3u] | ||
| playlists_dir = /mnt/dietpi_userdata/Music | ||
|
|
||
| [http] | ||
| hostname = :: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Derived from: | ||
| # - Apache: https://github.com/owncloud/core/blob/master/.htaccess | ||
| # - Nginx: https://doc.owncloud.org/server/administration_manual/installation/nginx_configuration.html | ||
|
|
||
| $HTTP["url"] =~ "^/owncloud($|/)" { | ||
|
|
||
| # Hardening | ||
| # - Directories | ||
| $HTTP["url"] =~ "^/owncloud/(build|tests|config|lib|3rdparty|templates|data)($|/)" { url.access-deny = ("") } | ||
| # - Files | ||
| $HTTP["url"] =~ "^/owncloud/(\.|autotest|occ|issue|indie|db_|console)" { url.access-deny = ("") } | ||
| # - Directory listing | ||
| dir-listing.active = "disable" | ||
| # - Cache control and security headers for static resources | ||
| $HTTP["url"] =~ "^/owncloud/.+\.(css|js)" { | ||
| setenv.add-response-header += ( | ||
| "Cache-Control" => "public, max-age=15778463", | ||
| "X-Frame-Options" => "SAMEORIGIN", | ||
| "X-Content-Type-Options" => "nosniff", | ||
| "X-XSS-Protection" => "1; mode=block", | ||
| "X-Robots-Tag" => "none", | ||
| "X-Download-Options" => "noopen", | ||
| "X-Permitted-Cross-Domain-Policies" => "none", | ||
| "Referrer-Policy" => "no-referrer", | ||
| ) | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,95 +1,94 @@ | ||
| location ^~ /owncloud { | ||
|
|
||
| # Add headers to serve security related headers | ||
| # Before enabling Strict-Transport-Security headers please read into this topic first. | ||
| add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-Frame-Options "SAMEORIGIN"; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| add_header X-Robots-Tag none; | ||
| add_header X-Download-Options noopen; | ||
| add_header X-Permitted-Cross-Domain-Policies none; | ||
| add_header Referrer-Policy "no-referrer"; | ||
| # Based on: https://doc.owncloud.org/server/administration_manual/installation/nginx_configuration.html | ||
|
|
||
| # set max upload size | ||
| client_max_body_size 1048576M; | ||
| # Do not set the number of buffers over 63, in our example it is set to 8. | ||
| # When exeeding, big file downloads can possibly consume a lot of system memory over time and cause problems especially on low-mem systems. | ||
| fastcgi_buffers 8 4K; | ||
| # From ownCloud version 10.0.4 on, a header statement will be sent to nginx not to use buffers to avoid problems with problematic fastcgi_buffers values. See note above. | ||
| # If these values are properly set and no problems are expected, you can turn on this statement to reenable buffering overriding the sent header. | ||
| # In case you use an earlier version of ownCloud or can´t change the buffers, or you can´t remove a existing ignore header statement, you can explicitly set fastcgi_buffering off; | ||
| # These statements are used either or but not together. | ||
| fastcgi_ignore_headers X-Accel-Buffering; | ||
| location ^~ /owncloud { | ||
|
|
||
| # Disable gzip to avoid the removal of the ETag header | ||
| # Enabling gzip would also make your server vulnerable to BREACH | ||
| # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 | ||
| gzip off; | ||
| # Add headers to serve security related headers | ||
| #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-Frame-Options "SAMEORIGIN"; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| add_header X-Robots-Tag none; | ||
| add_header X-Download-Options noopen; | ||
| add_header X-Permitted-Cross-Domain-Policies none; | ||
| add_header Referrer-Policy no-referrer; | ||
|
|
||
| # Uncomment if your server is build with the ngx_pagespeed module | ||
| # This module is currently not supported. | ||
| #pagespeed off; | ||
| # Set max upload size | ||
| client_max_body_size 1048576M; | ||
| # Do not set the number of buffers over 63, in our example it is set to 8. | ||
| # When exeeding, big file downloads can possibly consume a lot of system memory over time and cause problems especially on low-mem systems. | ||
| fastcgi_buffers 8 4K; | ||
| # From ownCloud version 10.0.4 on, a header statement will be sent to nginx not to use buffers to avoid problems with problematic fastcgi_buffers values. See note above. | ||
| # If these values are properly set and no problems are expected, you can turn on this statement to reenable buffering overriding the sent header. | ||
| # In case you use an earlier version of ownCloud or can´t change the buffers, or you can´t remove a existing ignore header statement, you can explicitly set fastcgi_buffering off; | ||
| # These statements are used either or but not together. | ||
| fastcgi_ignore_headers X-Accel-Buffering; | ||
|
|
||
| error_page 403 /owncloud/core/templates/403.php; | ||
| error_page 404 /owncloud/core/templates/404.php; | ||
| # Disable gzip to avoid the removal of the ETag header | ||
| # Enabling gzip would also make your server vulnerable to BREACH | ||
| # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 | ||
| gzip off; | ||
|
|
||
| location /owncloud { | ||
| rewrite ^ /owncloud/index.php$uri; | ||
| } | ||
| # Uncomment if your server is build with the ngx_pagespeed module | ||
| # This module is currently not supported. | ||
| #pagespeed off; | ||
|
|
||
| location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { | ||
| return 404; | ||
| } | ||
| error_page 403 /owncloud/core/templates/403.php; | ||
| error_page 404 /owncloud/core/templates/404.php; | ||
|
|
||
| location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) { | ||
| return 404; | ||
| } | ||
| location /owncloud { | ||
| rewrite ^ /owncloud/index.php$uri; | ||
| } | ||
|
|
||
| location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { | ||
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | ||
| include fastcgi_params; | ||
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/private/AppFramework/Http/Request.php#L603 | ||
| fastcgi_param PATH_INFO $fastcgi_path_info; | ||
| #fastcgi_param HTTPS on; | ||
| fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice | ||
| # EXPERIMENTAL: active the following if you need to get rid of the 'index.php' in the URLs | ||
| fastcgi_param front_controller_active true; | ||
| fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries | ||
| fastcgi_pass php; | ||
| fastcgi_intercept_errors on; | ||
| #fastcgi_request_buffering off; #Available since NGINX 1.7.11 | ||
| } | ||
| location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { | ||
| return 404; | ||
| } | ||
| location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) { | ||
| return 404; | ||
| } | ||
|
|
||
| location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) { | ||
| try_files $uri $uri/ =404; | ||
| index index.php; | ||
| } | ||
| location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { | ||
| fastcgi_split_path_info ^(.+\.php)(/.*)$; | ||
| include fastcgi_params; | ||
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/private/AppFramework/Http/Request.php#L603 | ||
| fastcgi_param PATH_INFO $fastcgi_path_info; | ||
| fastcgi_param HTTPS $https; | ||
| fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice | ||
| # EXPERIMENTAL: active the following if you need to get rid of the 'index.php' in the URLs | ||
| fastcgi_param front_controller_active true; | ||
| fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries | ||
| fastcgi_pass php; | ||
| fastcgi_intercept_errors on; | ||
| #fastcgi_request_buffering off; #Available since NGINX 1.7.11 | ||
| } | ||
|
|
||
| # Adding the cache control header for js and css files | ||
| # Make sure it is BELOW the PHP block | ||
| location ~ /owncloud(\/.*\.(?:css|js)) { | ||
| try_files $uri /owncloud/index.php$uri$is_args$args; | ||
| add_header Cache-Control "max-age=15778463"; | ||
| # Add headers to serve security related headers (It is intended to have those duplicated to the ones above) | ||
| # Before enabling Strict-Transport-Security headers please read into this topic first. | ||
| add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-Frame-Options "SAMEORIGIN"; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| add_header X-Robots-Tag none; | ||
| add_header X-Download-Options noopen; | ||
| add_header X-Permitted-Cross-Domain-Policies none; | ||
| # Optional: Don't log access to assets | ||
| access_log off; | ||
| } | ||
| location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) { | ||
| try_files $uri $uri/ =404; | ||
| index index.php; | ||
| } | ||
|
|
||
| location ~ /owncloud(/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)) { | ||
| try_files $uri /owncloud/index.php$uri$is_args$args; | ||
| add_header Cache-Control "public, max-age=7200"; | ||
| # Optional: Don't log access to other assets | ||
| access_log off; | ||
| } | ||
| # Adding the cache control header for js and css files | ||
| # Make sure it is BELOW the PHP block | ||
| location ~ /owncloud/.*\.(?:css|js) { | ||
| try_files $uri /owncloud/index.php$uri$is_args$args; | ||
| add_header Cache-Control "max-age=15778463"; | ||
| # Add headers to serve security related headers (It is intended to have those duplicated to the ones above) | ||
| #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; | ||
| add_header X-Content-Type-Options nosniff; | ||
| add_header X-Frame-Options "SAMEORIGIN"; | ||
| add_header X-XSS-Protection "1; mode=block"; | ||
| add_header X-Robots-Tag none; | ||
| add_header X-Download-Options noopen; | ||
| add_header X-Permitted-Cross-Domain-Policies none; | ||
| add_header Referrer-Policy no-referrer; | ||
| # Optional: Don't log access to assets | ||
| access_log off; | ||
| } | ||
|
|
||
| location ~ /owncloud/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json) { | ||
| try_files $uri /owncloud/index.php$uri$is_args$args; | ||
| add_header Cache-Control "public, max-age=7200"; | ||
| # Optional: Don't log access to other assets | ||
| access_log off; | ||
| } | ||
| } |
Oops, something went wrong.