Update Nginx configuration for Nextcloud

Author: henmohr

.docker/web/nextcloud.conf

@@ -1,5 +1,6 @@
 upstream php-handler {
     server app:9000;
+    #server unix:/run/php/php8.2-fpm.sock;
 }
 
 # Set the `immutable` cache control options only for assets with a cache busting `v` argument
@@ -11,18 +12,17 @@ map $arg_v $asset_immutable {
 include       /etc/nginx/mime.types;
 default_type  application/octet-stream;
 
-sendfile        on;
-#tcp_nopush     on;
+sendfile on;
+keepalive_timeout 65;
 
-keepalive_timeout  65;
-
-set_real_ip_from  10.0.0.0/8;
-set_real_ip_from  172.16.0.0/12;
-set_real_ip_from  192.168.0.0/16;
-real_ip_header    X-Real-IP;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 192.168.0.0/16;
+real_ip_header X-Real-IP;
 
 server {
     listen 80;
+    listen [::]:80;
     include /etc/nginx/conf.d/includes/*.conf;
 
     # Path to the root of your installation
@@ -44,6 +44,13 @@ server {
     client_body_timeout 300s;
     fastcgi_buffers 64 4K;
 
+    # Proxy and client response timeouts
+    # Uncomment and increase these if facing timeout errors during large file uploads
+    #proxy_connect_timeout 60s;
+    #proxy_send_timeout 60s;
+    #proxy_read_timeout 60s;
+    #send_timeout 60s;
+
     # Enable gzip but do not remove ETag headers
     gzip on;
     gzip_vary on;
@@ -78,6 +85,7 @@ server {
     include mime.types;
     types {
         text/javascript mjs;
+	application/wasm wasm;
     }
 
     # Specify how to handle directories -- specifying `/index.php$request_uri`
@@ -151,14 +159,19 @@ server {
         fastcgi_pass php-handler;
 
         fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
+        fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
+
+        # PHP-FPM 504 response timeouts
+        # Uncomment and increase these if facing timeout errors during large file uploads
+        fastcgi_read_timeout 3600s;
+        #fastcgi_send_timeout 60s;
+        #fastcgi_connect_timeout 60s;
 
         fastcgi_max_temp_file_size 0;
-        fastcgi_read_timeout 3600;
     }
 
     # Serve static files
-    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+    location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
         try_files $uri /index.php$request_uri;
         # HTTP response headers borrowed from Nextcloud `.htaccess`
         add_header Cache-Control                     "public, max-age=15778463$asset_immutable";
@@ -167,11 +180,10 @@ server {
         add_header X-Frame-Options                   "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies "none"              always;
         add_header X-Robots-Tag                      "noindex, nofollow" always;
-        add_header X-XSS-Protection                  "1; mode=block"     always;
         access_log off;     # Optional: Don't log access to assets
     }
 
-    location ~ \.woff2?$ {
+    location ~ \.(otf|woff2?)$ {
         try_files $uri /index.php$request_uri;
         expires 7d;         # Cache-Control policy borrowed from `.htaccess`
         access_log off;     # Optional: Don't log access to assets