server { root {{ doc_root }}; server_name $hostname; # e.g. box.lan, set dynamically when NGINX starts #server_name {{ iiab_hostname }}.{{ iiab_domain }}; #server_name {{ iiab_hostname }}; listen 80; index index.php index.html index.htm; # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. # So IIAB sets this to 10000M, roughly aligning with similar settings... # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L90-L91 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/php-settings.yml#L104-L105 # 2. 'client_max_body_size 10000M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 10000M; # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; location ~ .*\.php$ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; fastcgi_pass php; fastcgi_index index.php; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; include fastcgi_params; } # 2021-07-30: Security risk identified by @tim-moody #location /cgi-bin { # root /usr/lib; #} # if you don't like seeing all the errors for missing favicon.ico in root location = /favicon.ico { access_log off; log_not_found off; } # if you don't like seeing errors for a missing robots.txt in root location = /robots.txt { access_log off; log_not_found off; } # Let's not serve files like .htaccess .htpassword .secret etc. # EXCEPTION: 'location ^~ /kiwix' in /etc/nginx/conf.d/kiwix-nginx.conf # overrules this, for ZIM file articles that begin with a dot (#3072). location ~ /\. { deny all; } }