no .htaccess but our own apache config

apps/web/nextcloud/Dockerfile

@@ -13,6 +13,12 @@ RUN sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.li
 
 RUN	touch /usr/src/nextcloud/data/.ocdata
 COPY config.php /usr/src/nextcloud/config/
+#COPY htaccess-data /usr/src/nextcloud/data/.htaccess
+COPY apache-default-vhost.conf /etc/apache2/sites-available/000-default.conf
+RUN mv /usr/src/nextcloud/.htaccess /usr/src/nextcloud/.htaccess.bak
+RUN mv /usr/src/nextcloud/config/.htaccess /usr/src/nextcloud/config/.htaccess.bak
+
 #install ca.crt update script to the container
+
 COPY post-start.sh /
 RUN chmod +x /post-start.sh

apps/web/nextcloud/apache-default-vhost.conf

@@ -0,0 +1,150 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+	<Directory /var/www/html>
+	AllowOverride None
+	<IfModule mod_headers.c>
+	<IfModule mod_setenvif.c>
+	<IfModule mod_fcgid.c>
+	SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+	RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+	</IfModule>
+	<IfModule mod_proxy_fcgi.c>
+	SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
+	</IfModule>
+	</IfModule>
+
+	<IfModule mod_env.c>
+# Add security and privacy related headers
+
+# Avoid doubled headers by unsetting headers in "onsuccess" table,
+# then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+	Header onsuccess unset Referrer-Policy
+	Header always set Referrer-Policy "no-referrer"
+
+	Header onsuccess unset X-Content-Type-Options
+	Header always set X-Content-Type-Options "nosniff"
+
+	Header onsuccess unset X-Download-Options
+	Header always set X-Download-Options "noopen"
+
+	Header onsuccess unset X-Frame-Options
+	Header always set X-Frame-Options "SAMEORIGIN"
+
+	Header onsuccess unset X-Permitted-Cross-Domain-Policies
+	Header always set X-Permitted-Cross-Domain-Policies "none"
+
+	Header onsuccess unset X-Robots-Tag
+	Header always set X-Robots-Tag "none"
+
+	Header onsuccess unset X-XSS-Protection
+	Header always set X-XSS-Protection "1; mode=block"
+
+	SetEnv modHeadersAvailable true
+	</IfModule>
+
+# Add cache control for static resources
+	<FilesMatch "\.(css|js|svg|gif)$">
+	Header set Cache-Control "max-age=15778463"
+	</FilesMatch>
+
+# Let browsers cache WOFF files for a week
+	<FilesMatch "\.woff2?$">
+	Header set Cache-Control "max-age=604800"
+	</FilesMatch>
+	</IfModule>
+	<IfModule mod_php7.c>
+	php_value mbstring.func_overload 0
+	php_value default_charset 'UTF-8'
+	php_value output_buffering 0
+	<IfModule mod_env.c>
+	SetEnv htaccessWorking true
+	</IfModule>
+	</IfModule>
+	<IfModule mod_rewrite.c>
+	RewriteEngine on
+	RewriteCond %{HTTP_USER_AGENT} DavClnt
+	RewriteRule ^$ /remote.php/webdav/ [L,R=302]
+	RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+	RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
+	RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
+	RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
+	RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
+	RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
+	RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
+	RewriteRule ^remote/(.*) remote.php [QSA,L]
+	RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
+	RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
+	RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
+	</IfModule>
+	<IfModule mod_mime.c>
+	AddType image/svg+xml svg svgz
+	AddEncoding gzip svgz
+	</IfModule>
+	<IfModule mod_dir.c>
+	DirectoryIndex index.php index.html
+	</IfModule>
+	AddDefaultCharset utf-8
+	Options -Indexes
+	<IfModule pagespeed_module>
+	ModPagespeed Off
+	</IfModule>
+
+	</Directory>
+
+	<Directory /var/www/html/config>
+	AllowOverride None
+# Section for Apache 2.4 to 2.6
+	<IfModule mod_authz_core.c>
+	Require all denied
+	</IfModule>
+	<IfModule mod_access_compat.c>
+	Order Allow,Deny
+	Deny from all
+	Satisfy All
+	</IfModule>
+
+# Section for Apache 2.2
+	<IfModule !mod_authz_core.c>
+	<IfModule !mod_access_compat.c>
+	<IfModule mod_authz_host.c>
+	Order Allow,Deny
+	Deny from all
+	</IfModule>
+	Satisfy All
+	</IfModule>
+	</IfModule>
+
+# Section for Apache 2.2 to 2.6
+	<IfModule mod_autoindex.c>
+	IndexIgnore *
+	</IfModule>
+	</Directory>
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet