From ebc2d55a0142f9d24568859b9536222443a3ebb7 Mon Sep 17 00:00:00 2001
From: Brad Holland <hollanbm@users.noreply.github.com>
Date: Tue, 10 May 2022 00:38:55 -0400
Subject: [PATCH] Updates for NextCloud security checks

---
 nextcloud.subdomain.conf.sample | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample
index c1c846a..cfae0e7 100644
--- a/nextcloud.subdomain.conf.sample
+++ b/nextcloud.subdomain.conf.sample
@@ -33,4 +33,21 @@ server {
 
         proxy_max_temp_file_size 2048m;
     }
+    
+    # The rules in this block are an adaptation of the rules
+    # in the Nextcloud `.htaccess` that concern `/.well-known`.
+    location /.well-known/carddav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+
+    # The rules in this block are an adaptation of the rules
+    # in the Nextcloud `.htaccess` that concern `/.well-known`.
+    location /.well-known/caldav {
+        return 301 $scheme://$host/remote.php/dav;
+    }
+
+    # Let Nextcloud's API for `/.well-known` URIs handle all other
+    # requests by passing them to the front-end controller.
+    rewrite ^/.well-known/webfinger /index.php$uri redirect;
+    rewrite ^/.well-known/nodeinfo /index.php$uri redirect;
 }