configs/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;


    server {
        listen      80;
        listen [::]:80;

        location / {
            rewrite ^ https://$host$request_uri? permanent;
        }

        location ^~ /.well-known {
            allow all;
            root  /data/letsencrypt/;
        }
    }

    server {
        listen      443           ssl http2;
        listen [::]:443           ssl http2;

        ssl                       on;

        add_header                Strict-Transport-Security "max-age=31536000" always;

        ssl_session_cache         shared:SSL:20m;
        ssl_session_timeout       10m;

        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

        ssl_stapling              on;
        ssl_stapling_verify       on;
        resolver                  8.8.8.8 8.8.4.4;

        ssl_certificate           /etc/letsencrypt/live/fullchain.pem;
        ssl_certificate_key       /etc/letsencrypt/live/privkey.pem;
        ssl_trusted_certificate   /etc/letsencrypt/live/chain.pem;

        access_log                /dev/stdout;
        error_log                 /dev/stderr info;
        
        # Set the maximum size of uploads
        client_max_body_size 200m;
        client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads

        # other configs
        location /protected/ {
                root                  /data/www;
                client_body_temp_path /data/client_temp;

                dav_methods PUT DELETE MKCOL COPY MOVE;

                create_full_put_path  on;
                dav_access            group:rw  all:r;
                auth_request     /auth;
                auth_request_set $auth_status $upstream_status;
                
            }

            location = /auth {
                internal;
                proxy_pass http://localhost:1234/auth;
                proxy_pass_request_body off;
                proxy_set_header        Content-Length "";
                proxy_set_header        X-Original-URI $request_uri;
                proxy_set_header        X-Original-Method $request_method;
            }
        
        
    }
}