From 4ca12affe1806fd685ddd5c6ef3d79a5a85b6942 Mon Sep 17 00:00:00 2001
From: Edwin Lyon <edwin@thelyoncompany.com>
Date: Mon, 10 Jun 2024 14:09:40 -0700
Subject: [PATCH] nextcloud.subdomain.conf

---
 .../proxy-confs/nextcloud.subdomain.conf      | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 swag/nginx/proxy-confs/nextcloud.subdomain.conf

diff --git a/swag/nginx/proxy-confs/nextcloud.subdomain.conf b/swag/nginx/proxy-confs/nextcloud.subdomain.conf
new file mode 100644
index 0000000..ffab035
--- /dev/null
+++ b/swag/nginx/proxy-confs/nextcloud.subdomain.conf
@@ -0,0 +1,29 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name nextcloud.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app nextcloud;
+        set $upstream_port 443;
+        set $upstream_proto https;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
+        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
+        proxy_hide_header Referrer-Policy;
+        proxy_hide_header X-Content-Type-Options;
+        proxy_hide_header X-Frame-Options;
+        proxy_hide_header X-XSS-Protection;
+
+        # Disable proxy buffering
+        proxy_buffering off;
+    }
+}
\ No newline at end of file