From c55cb785af06510d9ef8e359e735a0f43212f91e Mon Sep 17 00:00:00 2001
From: chris <christiansteinle@arcor.de>
Date: Wed, 6 Mar 2024 08:09:40 +0100
Subject: [PATCH] Extend nextclouds nginx configuration.

---
 nextcloud/nextcloud.conf | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/nextcloud/nextcloud.conf b/nextcloud/nextcloud.conf
index 665fd1f..c324c88 100644
--- a/nextcloud/nextcloud.conf
+++ b/nextcloud/nextcloud.conf
@@ -13,6 +13,11 @@ server {
     client_body_timeout 300s;
     fastcgi_buffers 64 4K;
 
+    # The settings allows you to optimize the HTTP2 bandwidth.
+    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+    # for tuning hints
+    client_body_buffer_size 512k;
+
     # Enable gzip but do not remove ETag headers
     gzip on;
     gzip_vary on;
@@ -75,8 +80,12 @@ server {
 
         location = /.well-known/carddav    { return 301 /remote.php/dav/; }
         location = /.well-known/caldav     { return 301 /remote.php/dav/; }
-        location = /.well-known/webfinger  { return 301 /index.php/.well-known/webfinger/; }
-        location = /.well-known/nodeinfo   { return 301 /index.php/.well-known/nodeinfo; }
+
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        location /.well-known/webfinger  { return 301 /index.php/.well-known/webfinger/; }
+        location /.well-known/nodeinfo   { return 301 /index.php/.well-known/nodeinfo; }
 
         # Let Nextcloud's API for `/.well-known` URIs handle all other
         # requests by passing them to the front-end controller.
@@ -111,12 +120,31 @@ server {
 
         fastcgi_intercept_errors on;
         fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
     }
 
-    location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
+    # Javascript mimetype fixes for nginx
+    # Note: The block below should be removed, and the js|mjs section should be
+    # added to the block below this one. This is a temporary fix until Nginx 
+    # upstream fixes the js mime-type
+    location ~* \.(?:js|mjs)$ {
+        types { 
+            text/javascript js mjs;
+        } 
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463, immutable";
+        access_log off;
+    }
+
+    location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
         try_files $uri /index.php$request_uri;
         expires 6M;         # Cache-Control policy borrowed from `.htaccess`
         access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
     }
 
     location ~ \.woff2?$ {