[Owncloud] Nginx configuration

Ed W lists at wildgooses.com
Thu Feb 21 14:13:05 UTC 2013 

I disagree with the current nginx config... Near as I can see it's got 
gaping security holes and duplicated code

I have posted my current best suggestion on issue 56 below, but I'm 
really not happy with it (and it doesn't include the neat suggestions 
for HTTP auth from another user)

Bigger issue is that Owncloud seems to have some mild policy, but has no 
issue serving files willy nilly across the installation, nor does it 
limit the executable PHP locations.. (coupled with writeable PHP this is 
a potential security blackspot)

Nginx tends to encourage one to review the setup much more carefully 
because you need to write stanzas more carefully for each file path. As 
you can see you end up with a rather messy configuration, which could be 
improved by increasing the tightness (and security) of OCs filesystem 
layout for apps...

Please see if you can improve on my suggestion in issue 56 (it's the 
"if" which needs to be removed...)

Ed W


On 21/02/2013 06:07, Victor Dubiniuk wrote:
> Hi,
>
> Basic Nginx config is here [1].
> I'm using the following config with 4.5 [2].
> I haven't set up 5.0 on this host yet but as I see there are some 
> updates for it [3].
>
> [1] 
> http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html
> [2] https://github.com/owncloud/documentation/issues/21
> [3] https://github.com/owncloud/documentation/issues/56
>
> Victor
>
>
> On Thu, Feb 21, 2013 at 2:21 AM, Boulet <boulet at moiboulet.eu 
> <mailto:boulet at moiboulet.eu>> wrote:
>
>     Hi everyone,
>
>     I want to test OC 5 with nginx but I have some mistakes with the
>     rewrite rules.
>     Is anyone using nginx could share his nginx config ?
>
>     Thanks a lot,
>
>     Boulet,
>     A junior developer.
>
>     _______________________________________________
>     Owncloud mailing list
>     Owncloud at kde.org <mailto:Owncloud at kde.org>
>     https://mail.kde.org/mailman/listinfo/owncloud
>
>
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130221/d4c76010/attachment.html>

More information about the Owncloud mailing list