diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-16 00:52:10 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-16 01:30:44 +0200 |
| commit | e43ef0c7b9490ece68af38f8a658ad8a710e4e37 (patch) | |
| tree | f9dedcfa6dee7cfe280aedf10695e73f9ce69962 /roles/nextcloud/files/etc/nginx/sites-available | |
| parent | 38c697083d50764d833adc039b10b203d36c8f56 (diff) | |
Nextcloud: use dedicated user and PHP FPM pool.
There is a real security gain in not using the 'www-data' user: nginx
workers can't read Nextcloud config files and data directory, so should
our nginx configuration be insecure a leak is much less likely.
Diffstat (limited to 'roles/nextcloud/files/etc/nginx/sites-available')
| -rw-r--r-- | roles/nextcloud/files/etc/nginx/sites-available/nextcloud | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/nextcloud/files/etc/nginx/sites-available/nextcloud b/roles/nextcloud/files/etc/nginx/sites-available/nextcloud index d748dc9..f1f4b66 100644 --- a/roles/nextcloud/files/etc/nginx/sites-available/nextcloud +++ b/roles/nextcloud/files/etc/nginx/sites-available/nextcloud @@ -76,6 +76,7 @@ server { post_max_size=512M memory_limit=512M"; fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root:/var/www/nextcloud:/mnt/nextcloud-data:/etc/nextcloud:/var/cache/nextcloud:/var/log/nextcloud:/usr/share/php:/tmp:/dev"; + fastcgi_pass unix:/run/php/php7.3-fpm@nextcloud.sock; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { |