diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index a2b4455969..8dbf464f92 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf @@ -60,19 +60,19 @@ server_names_hash_bucket_size 128; server { listen 8092; - + add_header Referrer-Policy "same-origin"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options $header_x_frame_options; add_header Cache-Control $cache_control; add_header Permissions-Policy "autoplay=(), geolocation=(), camera=(), microphone=(), interest-cohort=()"; - root $public_root; + root $public_root; etag on; large_client_header_buffers 4 16k; client_max_body_size 4G; - + gzip on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; gzip_min_length 1000; @@ -98,7 +98,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_set_header Proxy ""; - + set $csp ""; access_by_lua ' local accept_header = ngx.req.get_headers()["Accept"] @@ -128,7 +128,7 @@ server { ngx.log(ngx.ERR, "failed to connect to redis: ", err) return end - + if redis_pass ~= "" then local res, err = red:auth(redis_pass) if not res then @@ -136,9 +136,9 @@ server { return end end - + local csp, err = red:hget(key, "data") - + if csp == ngx.null or not csp then ngx.log(ngx.INFO, "failed to get redis key: ", err) else @@ -146,7 +146,7 @@ server { end end '; - + location ~* ^/ds-vpath/ { rewrite /ds-vpath/(.*) /$1 break; @@ -165,13 +165,13 @@ server { proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host/ds-vpath; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; add_header Content-Security-Policy $content_security_policy; - + } - + location ^~ /dashboards/ { auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/.htpasswd_dashboards; - + rewrite ^/dashboards(/.*)$ $1 break; proxy_pass http://127.0.0.1:5601; proxy_redirect off; @@ -226,7 +226,7 @@ server { } } - + location /doceditor { proxy_pass http://127.0.0.1:5013; proxy_redirect off; @@ -246,7 +246,8 @@ server { } location /confirm { - rewrite confirm/(.*) /login/confirm/$1 break; + + rewrite confirm(?:\.aspx\/?|\/?)(.*) /login/confirm/$1 break; proxy_pass http://$service_login; proxy_redirect off; @@ -270,7 +271,7 @@ server { location ~* /static/fonts/(?[^/]+) { try_files /fonts/$content/$basename /index.html =404; } - + rewrite management/(.*) /$1 break; } @@ -279,10 +280,10 @@ server { } location /sockjs-node { - proxy_pass http://127.0.0.1:5001; + proxy_pass http://127.0.0.1:5001; proxy_redirect off; } - + location ~* /s/(.*) { proxy_pass http://127.0.0.1:5000; } @@ -306,19 +307,19 @@ server { proxy_pass http://127.0.0.1:5012; } } - + location /api/2.0 { location ~* /(files|privacyroom) { proxy_pass http://127.0.0.1:5007; } - + location ~* /(people|group|accounts) { proxy_pass http://127.0.0.1:5004; } location ~* /(authentication|modules|portal|security|settings|smtpsettings|capabilities|thirdparty|encryption|feed|migration) { proxy_pass http://127.0.0.1:5000; - + location ~* portal/(.*)(backup|restore)(.*) { rewrite (.*)/portal/(.*) $1/backup/$2 break; proxy_redirect off; @@ -349,15 +350,15 @@ server { rewrite sso/(.*) /$1 break; proxy_pass http://127.0.0.1:9834; } - + location ~* /storage/files_template/ { proxy_pass http://127.0.0.1:5007; } - + location ~* /(ssologin.ashx|login.ashx|storage) { proxy_pass http://127.0.0.1:5003; } - + location /socket.io/ { proxy_pass http://127.0.0.1:9899; proxy_redirect off; @@ -365,28 +366,28 @@ server { location /backupFileUpload.ashx { proxy_pass http://127.0.0.1:5012; - } - + } + location /migrationFileUpload.ashx { proxy_pass http://127.0.0.1:5000; - } - + } + location /logoUploader.ashx { proxy_pass http://127.0.0.1:5000; - } - + } + location /logo.ashx { proxy_pass http://127.0.0.1:5000; } - + location /payment.ashx { proxy_pass http://127.0.0.1:5000; - } - + } + location /ThirdPartyApp { proxy_pass http://127.0.0.1:5007; } - + location ~* /filehandler.ashx { proxy_pass http://127.0.0.1:5007; } @@ -394,12 +395,12 @@ server { location /ChunkedUploader.ashx { proxy_pass http://127.0.0.1:5007; } - + location /apisystem { rewrite apisystem/(.*) /$1 break; proxy_pass http://127.0.0.1:5010; } - + location /apicache { rewrite apicache/(.*) /$1 break; proxy_pass http://127.0.0.1:5100;