NextCloud (V)

/etc/nginx/sites-available/nextcloud.example.com:
-------------------------------------------------
# HTTP: Redirect to HTTPS
server {
    server_name nextcloud.example.com;
    listen 80;
    return 301 https://$server_name$request_uri;
}

# HTTPS
server {
    server_name nextcloud.example.com;
    listen 443 ssl http2;

    ssl_certificate     /etc/nginx/ssl/example.pem;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Logs
    include conf.d/nextcloud-example-com/logs;

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav {
            return 301 /remote.php/dav/;
        }
        location = /.well-known/caldav {
            return 301 /remote.php/dav/;
        }

        location = /.well-known/webfinger {
            return 301 /index.php/.well-known/webfinger;
        }
        location = /.well-known/nodeinfo {
            return 301 /index.php/.well-known/nodeinfo;
        }

        location /.well-known/acme-challenge {
            try_files $uri $uri/ =404;
        }
        location /.well-known/pki-validation {
            try_files $uri $uri/ =404;
        }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;

       # Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;

       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;

        # Add headers to serve security related headers
        add_header Cache-Control "public, max-age=7200";
        include conf.d/nextcloud-dcere-com/headers;

        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;

        # Optional: Don't log access to other assets
        access_log off;
   }
}