# ============================================================================ # Nginx Configuration for WebDAV Server # Place this in: /etc/nginx/conf.d/webdav.conf # ============================================================================ # Upstream backend # HTTP Server - Redirect to HTTPS server { listen 80; listen [::]:80; server_name webdav.example.com; # Change to your domain # Let's Encrypt ACME challenge location /.well-known/acme-challenge/ { root /var/www/certbot; } upstream webdav_backend { server webdav:8080 max_fails=3 fail_timeout=30s; keepalive 32; } # Redirect all other traffic to HTTPS location / { return 301 https://$server_name$request_uri; } } # HTTPS Server - Main WebDAV server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name webdav.example.com; # Change to your domain # SSL Configuration ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; # SSL Security Settings ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_stapling on; ssl_stapling_verify on; # Security Headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; # WebDAV Specific Settings client_max_body_size 1G; # Maximum file size client_body_buffer_size 128k; client_body_timeout 300s; # Timeout for client body client_header_timeout 60s; send_timeout 300s; # Timeout for sending response # Proxy buffering (disable for large files) proxy_buffering off; proxy_request_buffering off; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; # Logging access_log /var/log/nginx/webdav_access.log combined; error_log /var/log/nginx/webdav_error.log warn; # Root location - WebDAV location / { # Proxy to backend proxy_pass http://webdav_backend; # Standard proxy headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; # WebDAV specific headers proxy_set_header Destination $http_destination; proxy_set_header Depth $http_depth; proxy_set_header Overwrite $http_overwrite; proxy_set_header Lock-Token $http_lock_token; proxy_set_header Timeout $http_timeout; proxy_set_header If $http_if; # HTTP 1.1 support proxy_http_version 1.1; proxy_set_header Connection ""; # Disable redirects proxy_redirect off; # Handle errors proxy_intercept_errors off; } # Health check endpoint location /health { proxy_pass http://webdav_backend/health; access_log off; } # Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } } # ============================================================================ # HTTP Configuration without SSL (for development only) # ============================================================================ # Uncomment this section for development without SSL # server { # listen 80; # listen [::]:80; # server_name webdav.example.com; # # client_max_body_size 1G; # client_body_buffer_size 128k; # client_body_timeout 300s; # send_timeout 300s; # # location / { # proxy_pass http://webdav_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # # WebDAV headers # proxy_set_header Destination $http_destination; # proxy_set_header Depth $http_depth; # proxy_set_header Overwrite $http_overwrite; # proxy_set_header Lock-Token $http_lock_token; # # proxy_http_version 1.1; # proxy_set_header Connection ""; # proxy_redirect off; # proxy_buffering off; # } # }