Nextcloud ISPConfig3 Debian3 Nginx

Nextcloud ist ein Fork von Owncloud und noch nicht all zu lange. Bei der Einrichtung von Nextcloud auf einem Debian 8 mit ISPConfig3.1 hatte ich das Problem das es nicht ohne weiteres funktionierte hier kurz erklärt was ich machte um das Problem unter Debian Jessie mit Nginx Nextcloud in den griff zu bekommen.

Debian 8 mit ISPConfig 3.1 nach den HowtoForge Anleitungen . Ich verwende PHP7.1 in dieser Installation 

Web erstellen Datenbank Nextcloud installieren wie beschrieben im Handbuch

In den PHP Direktiven in ISPConfig3

upload_max_filesize=20g
post_max_size=20g
always_populate_raw_post_data=-1
max_execution_time = 3600

 

Im ISPConfig3 in den nginx Direktiven folgendes einfügen

 

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
        location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
location ~ \.php$ {
            try_files /b615814d8f2c19dbcb25b1fbae07ce38.htm @php2;
        }
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/acme-challenge { }
    # set max upload size
    client_max_body_size 20G;
    fastcgi_buffers 64 4K;
    # Disable gzip to avoid the removal of the ETag header
    gzip off;
    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    # pagespeed off;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }
    location ~ ^(.+?\.php)(/.*)?$ {
                        try_files $1 =404;
                        include fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME $document_root$1;
                        fastcgi_param PATH_INFO $2;
                        fastcgi_param HTTPS $https;
                        {FASTCGIPASS}
                        fastcgi_intercept_errors on;
                        fastcgi_index index.php;
                        fastcgi_buffers 64 64K;
                        fastcgi_buffer_size 256k;
                        fastcgi_param modHeadersAvailable true;
                        fastcgi_read_timeout 7200; 
        }
    location @php2 {
                        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
                        include fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_param PATH_INFO $fastcgi_path_info;
                        fastcgi_param HTTPS $https;
                        {FASTCGIPASS}
                        fastcgi_intercept_errors on;
                        fastcgi_index index.php;
                        fastcgi_buffers 64 64K;
                        fastcgi_buffer_size 256k;
                        fastcgi_param modHeadersAvailable true;
                        fastcgi_read_timeout 7200; 
        }
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        #fastcgi_pass php-handler;
#fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
    {FASTCGIPASS}
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
location = /data/htaccesstest.txt {
  allow all;
  log_not_found off;
  access_log off;
}

Nginx Version: nginx version: nginx/1.10.3

Anmerkung: Veränderung von Hand in der host des webs über die console sind ungünstig da ISPConfig bei Änderungen eure Einstellungen überschreibt. Daher bester weg über die Direktiven im ISPConfig System .