NextCloud - 配置伪静态

博主： bigbug
发布时间：2021 年 07 月 31 日
777 次浏览
暂无评论
18833字数
分类：笔记教程开源网盘

Nextcloud 是一种自托管的开源云存储解决方案，旨在提供安全、灵活且功能丰富的文件存储和共享服务。折腾中发现安装好的NC网盘的链接地址丑陋且暴露后台安全，根据官方的教程进行伪静态配置。

官方配置教程：👇

https://docs.nextcloud.com/server/latest/admin\_manual/installation/nginx.html

这是未去除以前的样子，无论是分享页面还是用户页面都会有.PHP结尾的URL不美观

(URL直接暴露后台文件不安全还丑陋)

配置过程很简单(运行环境： PHP8.0 + Nginx1.20 + 宝塔面板)，后续按照官方的配置文件直接照搬就好。

官方的配置文件（带伪静态也就是去掉index.php的配置文件）

版本：NextCloud22.0

#官方的配置文件NextCloud22.0
upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.4-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}

将以上的配置稍作修改

打开面板在NextCloud的站点下填入配置：👇

找到站点的配置文件，向配置文件中添加的字段(主要看中文提示部分)

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
   
    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;


    # (重要！！！)此处配置在宝塔原有的基础上添加 /index.php$request_uri; 即可或者直接替换为以下行
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }


    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
  
    # 以下为伪静态配置(重要！！！)
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
              # 以下两行很重要
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass unix:/tmp/php-cgi-80.sock;   #此处为自己运行的PHP版本所生成的网络通信文件

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }

在宝塔面板下添加完成后的文件👇(完整配置)

server
{
    listen 80;
      listen 443 ssl http2;
    server_name nextcloud.com;
      index index.php index.html /index.php$request_uri; #(》》》重要《《《)
    root /www/wwwroot/nextcloud;
  
    #HTTP_TO_HTTPS_END
    ssl_certificate    /www/server/panel/vhost/cert/nextcloud/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/nextcloud/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;
    #SSL-END
  
    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
  
    # Enable gzip but do not remove ETag headers
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;


    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;
  
  
    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
   location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }
  
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
  
    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }


    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
  
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true; #(》》》重要《《《)
        fastcgi_pass unix:/tmp/php-cgi-80.sock;  #(》》》重要《《《)

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }
  
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
  
    #ERROR-PAGE-START  错误页配置，可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
  
    #PHP-INFO-START  PHP引用配置，可以注释或修改
    #清理缓存规则
    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$1$is_args$args;
        #access_log  /www/wwwlogs/yun.bughero.net_purge_cache.log;
    }
    #引用反向代理规则，注释后配置的反向代理将无效
    include /www/server/panel/vhost/nginx/proxy/yun.bughero.net/*.conf;

    ##SECURITY-START 防盗链配置
   location ~ .*\.(jpg|jpeg|gif|png|js|css)$
    {
        expires      30d;
        access_log /dev/null;
        valid_referers yun.bughero.net;
        if ($invalid_referer){
           return 404;
        }
    }
    #SECURITY-END
    include enable-php-80.conf;
    #PHP-INFO-END
  
    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/yun.bughero.net.conf;
    #REWRITE-END
  
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
  
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
  
    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }
  
    access_log  /www/wwwlogs/yun.bughero.net.log;
    error_log  /www/wwwlogs/yun.bughero.net.error.log;
}

按照以上配置修改即可配置成功！！

注意事项：

1. 默认文档

# 默认文档必须要有  /index.php$request_uri; 否则主页会403
index index.php index.html /index.php$request_uri;

2. 伪静态配置

# 开启隐藏.php后缀
fastcgi_param front_controller_active true;

此处需自行判断此处在宝塔面板下配置

使用的是PHP8.0 则👇：

 fastcgi_pass unix:/tmp/php-cgi-80.sock;

PHP7.4 则👇：

 fastcgi_pass unix:/tmp/php-cgi-74.sock;

若未使用宝塔面板的则需自行查找php.sock文件一般在 /var/run/php/php7.4-fpm.sock;

3. 以上配置中以 location 开始的字段原封不动照搬即可，该配置主要为资源重定向(很重要)，如不确定照搬即可(仿照着👆 添加完成后的那份配置文件即可配置成功)。

以下是配置好的样子(就很简洁漂亮) 👇

登录页

主面板

分享页

GoodJob !!!!

最后修改：2024 年 02 月 09 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

NextCloud - 配置伪静态

bigbug • 2021 年 07 月 31 日

&emsp;&emsp;Nextcloud 是一种自托管的开源云存储解决方案，旨在提供安全、灵活且功能丰富的文件存储和共享服务。折腾中发现安装好的NC网盘的链接地址丑陋且暴露后台安全，根据官方的教程进行伪静态配置。官方配置教程：👇<a class="no-external-link" href="https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html" target="_blank">https://docs.nextcloud.com/server/latest/admin\_manual/installation/nginx.html</a>这是未去除以前的样子，无论是分享页面还是用户页面都会有.PHP结尾的URL不美观(URL直接暴露后台文件 不安全还丑陋)<div align=center>
<img alt="URL" src="https://cdn.bughero.net/d/res/ncloud/url/1.webp" width="90%"/>
</div>配置过程很简单(运行环境： PHP8.0 + Nginx1.20 + 宝塔面板)，后续按照官方的配置文件直接照搬就好。官方的配置文件（带伪静态 也就是去掉index.php的配置文件）版本：NextCloud22.0<pre><code class="lang-nginx">#官方的配置文件NextCloud22.0
upstream php-handler {
 server 127.0.0.1:9000;
 #server unix:/var/run/php/php7.4-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

# Enforce HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

# Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

# HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security &quot;max-age=15768000; includeSubDomains; preload;&quot; always;

# set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

# HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      &quot;no-referrer&quot;   always;
    add_header X-Content-Type-Options               &quot;nosniff&quot;       always;
    add_header X-Download-Options                   &quot;noopen&quot;        always;
    add_header X-Frame-Options                      &quot;SAMEORIGIN&quot;    always;
    add_header X-Permitted-Cross-Domain-Policies    &quot;none&quot;          always;
    add_header X-Robots-Tag                         &quot;none&quot;          always;
    add_header X-XSS-Protection                     &quot;1; mode=block&quot; always;

# Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
    root /var/www/nextcloud;

# Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

# Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

# Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

# Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

try_files $fastcgi_script_name =404;

include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
        try_files $uri /index.php$request_uri;
        expires 6M;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

# Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

location / {
 try_files $uri $uri/ /index.php$request_uri;
 }
}</code></pre>将以上的配置稍作修改打开面板在NextCloud的站点下填入配置：👇找到站点的配置文件，向配置文件中添加的字段(主要看中文提示部分)<pre><code class="lang-nginx"> gzip on;
 gzip_vary on;
 gzip_comp_level 4;
 gzip_min_length 256;
 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 
 # HTTP response headers borrowed from Nextcloud `.htaccess`
 add_header Referrer-Policy &quot;no-referrer&quot; always;
 add_header X-Content-Type-Options &quot;nosniff&quot; always;
 add_header X-Download-Options &quot;noopen&quot; always;
 add_header X-Frame-Options &quot;SAMEORIGIN&quot; always;
 add_header X-Permitted-Cross-Domain-Policies &quot;none&quot; always;
 add_header X-Robots-Tag &quot;none&quot; always;
 add_header X-XSS-Protection &quot;1; mode=block&quot; always;

# Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

# (重要！！！)此处配置在宝塔原有的基础上添加 /index.php$request_uri; 即可或者直接替换为以下行
    index index.php index.html /index.php$request_uri;

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

# Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

# Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
  
    # 以下为伪静态配置(重要！！！)
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

try_files $fastcgi_script_name =404;

include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
              # 以下两行很重要
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass unix:/tmp/php-cgi-80.sock;   #此处为自己运行的PHP版本所生成的网络通信文件

fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

# Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

location / {
 try_files $uri $uri/ /index.php$request_uri;
 }</code></pre>在宝塔面板下添加完成后的文件👇(完整配置)<pre><code class="lang-nginx">server
{
 listen 80;
 listen 443 ssl http2;
 server_name nextcloud.com;
 index index.php index.html /index.php$request_uri; #(》》》重要《《《)
 root /www/wwwroot/nextcloud;
 
 #HTTP_TO_HTTPS_END
 ssl_certificate /www/server/panel/vhost/cert/nextcloud/fullchain.pem;
 ssl_certificate_key /www/server/panel/vhost/cert/nextcloud/privkey.pem;
 ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 10m;
 add_header Strict-Transport-Security &quot;max-age=31536000&quot;;
 error_page 497 https://$host$request_uri;
 #SSL-END
 
 #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
 #error_page 404/404.html;
 #HTTP_TO_HTTPS_START
 if ($server_port !~ 443){
 rewrite ^(/.*)$ https://$host$1 permanent;
 }
 
 # Enable gzip but do not remove ETag headers
 gzip_vary on;
 gzip_comp_level 4;
 gzip_min_length 256;
 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

add_header Referrer-Policy                      &quot;no-referrer&quot;   always;
    add_header X-Content-Type-Options               &quot;nosniff&quot;       always;
    add_header X-Download-Options                   &quot;noopen&quot;        always;
    add_header X-Frame-Options                      &quot;SAMEORIGIN&quot;    always;
    add_header X-Permitted-Cross-Domain-Policies    &quot;none&quot;          always;
    add_header X-Robots-Tag                         &quot;none&quot;          always;
    add_header X-XSS-Protection                     &quot;1; mode=block&quot; always;

# Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;
  
  
    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
   location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }
  
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
  
    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

# Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

# Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }
  
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

try_files $fastcgi_script_name =404;

include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true; #(》》》重要《《《)
        fastcgi_pass unix:/tmp/php-cgi-80.sock;  #(》》》重要《《《)

fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

# Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }
  
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
  
    #ERROR-PAGE-START  错误页配置，可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
  
    #PHP-INFO-START  PHP引用配置，可以注释或修改
    #清理缓存规则
    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$1$is_args$args;
        #access_log  /www/wwwlogs/yun.bughero.net_purge_cache.log;
    }
    #引用反向代理规则，注释后配置的反向代理将无效
    include /www/server/panel/vhost/nginx/proxy/yun.bughero.net/*.conf;

##SECURITY-START 防盗链配置
 location ~ .*\.(jpg|jpeg|gif|png|js|css)$
 {
 expires 30d;
 access_log /dev/null;
 valid_referers yun.bughero.net;
 if ($invalid_referer){
 return 404;
 }
 }
 #SECURITY-END
 include enable-php-80.conf;
 #PHP-INFO-END
 
 #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
 include /www/server/panel/vhost/rewrite/yun.bughero.net.conf;
 #REWRITE-END
 
 #禁止访问的文件或目录
 location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
 {
 return 404;
 }
 
 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
 
 #一键申请SSL证书验证目录相关设置
 location ~ \.well-known{
 allow all;
 }
 
 access_log /www/wwwlogs/yun.bughero.net.log;
 error_log /www/wwwlogs/yun.bughero.net.error.log;
}</code></pre>按照以上配置修改即可配置成功！！注意事项：1. 默认文档<pre><code class="lang-nginx"># 默认文档必须要有 /index.php$request_uri; 否则主页会403
index index.php index.html /index.php$request_uri;</code></pre>2. 伪静态配置<pre><code class="lang-nginx"># 开启隐藏.php后缀
fastcgi_param front_controller_active true;</code></pre>此处需自行判断此处在宝塔面板下配置使用的是PHP8.0 则👇：<pre><code class="lang-nginx"> fastcgi_pass unix:/tmp/php-cgi-80.sock;</code></pre>PHP7.4 则👇：<pre><code class="lang-nginx"> fastcgi_pass unix:/tmp/php-cgi-74.sock;</code></pre>若未使用宝塔面板的则需自行查找php.sock文件一般在 /var/run/php/php7.4-fpm.sock;3. 以上配置中以 location 开始的字段原封不动照搬 即可，该配置主要为资源重定向(很重要)，如不确定照搬即可(仿照着👆 添加完成后的那份配置文件即可配置成功)。以下是配置好的样子(就很简洁漂亮) 👇<div align=center>
登录页
<img alt="" src="https://cdn.bughero.net/d/res/ncloud/url/2.webp" width="80%"/>
</div><div align=center>
主面板
<img alt="" src="https://cdn.bughero.net/d/res/ncloud/url/3.webp" width="80%"/>
</div><div align=center>
分享页
<img alt="" src="https://cdn.bughero.net/d/res/ncloud/url/4.webp" width="80%"/>
</div><center>GoodJob !!!!</center>

NextCloud - 配置伪静态

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Openwrt显示CPU温度

校园网限速解决方案

Esxi7.0硬盘挂载

Linux SSH登录告警(钉钉版)

C++程序编译问题

宝塔面板问题合集

调整ipv4 ipv6 dns优先级

Windows远程桌面RDP多用户同时连接

关于OpenWRT多处DNS设置的解释

常用软件激活码收录

NextCloud - 配置伪静态

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

NextCloud - 配置伪静态

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款