server {
listen 0.0.0.0:80 http2;
listen [::]:80 http2;
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
#ssl_certificate /etc/ssl/upload.domain.tld.crt;
#ssl_certificate_key /etc/ssl/upload.domain.tld.key;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
#ssl_protocols TLSv1.3;
#ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#add_header Strict-Transport-Security "max-age=63072000" always;
# Uncomment to require authentication for all access
#auth_basic "Access Restricted";
#auth_basic_user_file /etc/nginx/htpasswd;
location / {
root /usr/share/nginx/html/;
autoindex on;
# Allow uploading, only into the root
location ~ "/upload/([^\/]+)$" {
alias /usr/share/nginx/html/$1;
client_body_temp_path /tmp;
client_max_body_size 100M;
dav_methods PUT;
dav_access user:rw group:rw all:r;
}
}
# Share the same root but with access control
location /private/ {
alias /usr/share/nginx/html/;
autoindex on;
auth_basic "Access Restricted";
auth_basic_user_file /etc/nginx/htpasswd;
# Allow uploading, only into the root
location ~ "/private/upload/([^\/]+)$" {
alias /usr/share/nginx/html/$1;
client_body_temp_path /tmp;
client_max_body_size 100M;
dav_methods PUT;
dav_access user:rw group:rw all:r;
}
}
}