add_header  X-Robots-Tag "no-referrer, noindex, nofollow, nosnippet, noarchive";

proxy_cache_path /tmp/nextcloud/ levels=1:2 keys_zone=my_cache_nextcloud:10m max_size=10g         
                 inactive=60m use_temp_path=off;

server{
        listen 80;
        server_name nextcloud.egonetix.de;
        return 301 https://$server_name/$request_uri;
}

server {
 listen 10.0.0.29:443 ssl http2;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 add_header Referrer-Policy "no-referrer" always;
 # SSL config
 ssl on;
 ssl_certificate /etc/letsencrypt/live/nextcloud.egonetix.de/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/nextcloud.egonetix.de/privkey.pem;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;

 # Make site accessible from http://localhost/
 server_name nextcloud.egonetix.de;

 access_log /var/log/nginx/nextcloud-access_log;
 error_log /var/log/nginx/nextcloud-error_log;

 proxy_set_header X-Forwarded-Proto $scheme;

 set $upstream 10.0.0.48;

#rewrite ^/$ /nextcloud;

 location / {

 proxy_cache my_cache_nextcloud;
 proxy_cache_revalidate on;
 proxy_cache_min_uses 3;
 proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
 proxy_cache_lock on;
 proxy_pass_header Authorization;
 proxy_pass http://$upstream:8089;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header Referrer-Policy no-referrer;
# proxy_set_header X-Forwarded-Proto https;
 proxy_http_version 1.1;
 proxy_set_header Connection "";
 proxy_buffering off;
 client_max_body_size 20G;
 proxy_read_timeout 36000s;
 proxy_redirect off;
 proxy_ssl_session_reuse off;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

 }

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}