# {{ ansible_managed }} server { server_name nextcloud.{{ domain_name }} www.nextcloud.{{ domain_name }}; client_max_body_size 0; underscores_in_headers on; location / { proxy_pass http://10.0.0.5:11000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Front-End-Https on; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 64; proxy_buffering off; proxy_redirect off; proxy_max_temp_file_size 0; } listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # The redirects for CalDAV or CardDAV does not work if Nextcloud is running behind a reverse proxy. The recommended solution is that your reverse proxy does the redirects. location /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } location /ocm-provider { return 301 $scheme://$host/index.php/ocm-provider; } } server { if ($host = www.nextcloud.{{ domain_name }}) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = nextcloud.{{ domain_name }}) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name nextcloud.{{ domain_name }} www.nextcloud.{{ domain_name }}; return 404; # managed by Certbot }