Skip to content

Commit f32d76d

Browse files
committed
Update default.conf.sample to deny dotfile access
Signed-off-by: Eric Nemchik <eric@nemchik.com>
1 parent fd8684d commit f32d76d

File tree

2 files changed

+13
-4
lines changed

2 files changed

+13
-4
lines changed

readme-vars.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -144,7 +144,8 @@ init_diagram: |
144144
"nextcloud:previous" <- Base Images
145145
# changelog
146146
changelogs:
147-
- {date: "14.10.25:", desc: "Rebase to Alpine 3.22."}
147+
- {date: "08.02.26:", desc: "Existing users should update: site-confs/default.conf - Deny access to all dotfiles."}
148+
- {date: "10.07.25:", desc: "Rebase to Alpine 3.22."}
148149
- {date: "12.02.25:", desc: "Rebase to Alpine 3.21."}
149150
- {date: "09.01.25:", desc: "Fix uploading large files. Existing users should update their nginx confs."}
150151
- {date: "09.07.24:", desc: "Add `previous` tag for n-1 releases."}

root/defaults/nginx/site-confs/default.conf.sample

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
## Version 2025/10/14 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/previous/root/defaults/nginx/site-confs/default.conf.sample
1+
## Version 2026/02/08 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/previous/root/defaults/nginx/site-confs/default.conf.sample
22

33
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
44
map $arg_v $asset_immutable {
@@ -173,8 +173,16 @@ server {
173173
try_files $uri $uri/ /index.php$request_uri;
174174
}
175175

176-
# deny access to .htaccess/.htpasswd files
177-
location ~ /\.ht {
176+
# deny access to all dotfiles
177+
location ~ /\. {
178178
deny all;
179+
log_not_found off;
180+
access_log off;
181+
return 404;
182+
}
183+
184+
# Allow access to the ".well-known" directory
185+
location ^~ /.well-known {
186+
allow all;
179187
}
180188
}

0 commit comments

Comments
 (0)