diff --git a/src/nextcloud/constants-service.conf b/src/nextcloud/constants-service.conf index 51f9a33..c9825e5 100644 --- a/src/nextcloud/constants-service.conf +++ b/src/nextcloud/constants-service.conf @@ -8,7 +8,7 @@ # This file contains the project constants on service level # Debian Version, which will be installed -LXC_TEMPLATE_VERSION="debian-11-standard" +LXC_TEMPLATE_VERSION="debian-12-standard" # Create sharefs mountpoint LXC_MP="1" @@ -23,7 +23,7 @@ LXC_NESTING="1" NEXTCLOUD_VERSION="latest" # Defines the php version to install -NEXTCLOUD_PHP_VERSION="8.1" +NEXTCLOUD_PHP_VERSION="8.2" # Defines the IP from the SQL server NEXTCLOUD_DB_IP="127.0.0.1" diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 79d65c6..95f7022 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -14,13 +14,13 @@ source /root/constants-service.conf HOSTNAME=$(hostname -f) -wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add - +wget -q -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sury-php.gpg >/dev/null echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list -wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add - +wget -q -O - https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/nginx.gpg >/dev/null echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list -wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - +wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/postgresql.gpg >/dev/null echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list apt update @@ -76,7 +76,7 @@ sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXT sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini -sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini +sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=16/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini @@ -113,6 +113,9 @@ set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; real_ip_recursive on; include /etc/nginx/mime.types; +types { + text/javascript mjs; + } default_type application/octet-stream; sendfile on; send_timeout 3600; @@ -136,6 +139,10 @@ cat > /etc/nginx/conf.d/http.conf << EOF upstream php-handler { server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock; } +map \$arg_v \$asset_immutable { + "" ""; + default "immutable"; +} server { listen 80 default_server; listen [::]:80 default_server; @@ -171,13 +178,15 @@ ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; client_max_body_size 5120M; +client_body_timeout 300s; +client_body_buffer_size 512k; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; -gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; +gzip_types application/atom+xml text/javascript application/wasm application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; add_header Permissions-Policy "interest-cohort=()"; add_header Referrer-Policy "no-referrer" always; @@ -230,10 +239,13 @@ fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } -location ~ \.(?:css|js|svg|gif)\$ { +location ~ \.(?:css|js|mjs|svg|gif|ico|wasm|tflite|map)\$ { try_files \$uri /index.php\$request_uri; expires 6M; access_log off; + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?\$ { try_files \$uri /index.php\$request_uri;