75 lines
2.7 KiB
Plaintext
75 lines
2.7 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name localhost;
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
# Logs
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
# Servir archivos estáticos PRIMERO (antes de proxy usuarios)
|
|
location ~ ^/(images|lib|css|js|fonts|locale|calendar)/ {
|
|
try_files $uri =404;
|
|
|
|
# No cache para desarrollo
|
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
|
add_header Pragma "no-cache";
|
|
expires -1;
|
|
}
|
|
|
|
# Proxy para Radicale según documentación oficial
|
|
location /radicale/ {
|
|
proxy_pass http://radicale:5232/;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Script-Name /radicale;
|
|
proxy_set_header X-Forwarded-Prefix /radicale;
|
|
proxy_set_header Authorization $http_authorization;
|
|
proxy_pass_request_headers on;
|
|
|
|
# Configuraciones de proxy para evitar truncamiento
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
proxy_http_version 1.1;
|
|
proxy_read_timeout 300s;
|
|
proxy_connect_timeout 75s;
|
|
client_max_body_size 10M;
|
|
proxy_max_temp_file_size 0;
|
|
|
|
# Headers WebDAV específicos
|
|
proxy_set_header Depth $http_depth;
|
|
proxy_set_header Destination $http_destination;
|
|
proxy_set_header Overwrite $http_overwrite;
|
|
|
|
# CORS headers para WebDAV
|
|
add_header Access-Control-Allow-Origin "*" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, REPORT" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization, Destination, Overwrite" always;
|
|
add_header Access-Control-Expose-Headers "ETag, DAV" always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
|
|
# Preflight requests
|
|
if ($request_method = OPTIONS) {
|
|
return 204;
|
|
}
|
|
}
|
|
|
|
# Servir archivos estáticos de InfCloud
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
|
|
# No cache para desarrollo
|
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
|
add_header Pragma "no-cache";
|
|
expires -1;
|
|
}
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
}
|