RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule /.* https://%{SERVER_NAME}$0 Header always set \ Strict-Transport-Security "max-age=63072000; includeSubDomains" Timeout 600 DocumentRoot /usr/share/nextcloud Require all granted AllowOverride All Options FollowSymLinks MultiViews Dav off Options -MultiViews RewriteRule ^\.well-known/carddav /remote.php/dav [R=301,L] RewriteRule ^\.well-known/caldav /remote.php/dav [R=301,L] RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L] RewriteRule ^\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L] RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1] RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1] RewriteCond %{REQUEST_FILENAME} !\.(css|js|mjs|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4)$ RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$ RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$ RewriteCond %{REQUEST_FILENAME} !/remote.php RewriteCond %{REQUEST_FILENAME} !/public.php RewriteCond %{REQUEST_FILENAME} !/cron.php RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php RewriteCond %{REQUEST_FILENAME} !/status.php RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php RewriteCond %{REQUEST_FILENAME} !/robots.txt RewriteCond %{REQUEST_FILENAME} !/updater/ RewriteCond %{REQUEST_FILENAME} !/ocs-provider/ RewriteCond %{REQUEST_FILENAME} !/ocm-provider/ RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.* RewriteRule . index.php [PT,E=PATH_INFO:$1] RewriteBase / SetEnv front_controller_active true DirectorySlash off Alias /apps-appstore /var/lib/nextcloud/apps Alias /custom_apps /var/lib/nextcloud/apps Require all granted Require all granted