http: middlewares: lan-only: ipWhiteList: sourceRange: - "127.0.0.1/32" - "192.168.1.1/24" simple-auth: basicAuth: usersFile: "/.htpasswd" securityheaders: headers: customResponseHeaders: X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex" server: "" sslProxyHeaders: X-Forwarded-Proto: https referrerPolicy: "same-origin" hostsProxyHeaders: - "X-Forwarded-Host" customRequestHeaders: X-Forwarded-Proto: "https" X-Scheme: https contentTypeNosniff: true browserXssFilter: true forceSTSHeader: true stsIncludeSubdomains: true stsSeconds: 63072000 stsPreload: true pihole: addprefix: prefix: "/admin" traefik-forward-auth: forwardauth: address: http://forwardauth:4181 trustForwardHeader: true authResponseHeaders: - X-Forwarded-User traefik-forward-auth-privileged: forwardauth: address: http://forwardauth-privileged:4181 trustForwardHeader: true authResponseHeaders: - X-Forwarded-User nextcloud-headers: headers: accessControlMaxAge: 100 sslRedirect: true stsSeconds: 63072000 stsIncludeSubdomains: true stsPreload: true forceSTSHeader: true customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr. contentTypeNosniff: true browserXssFilter: true sslForceHost: true sslHost: "nextcloud.jafner.net" referrerPolicy: "no-referrer" #contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';" featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" customResponseHeaders: X-Robots-Tag: "noindex, nofollow" server: "" nextcloud-redirect: redirectRegex: permanent: true regex: "https://(.*)/.well-known/(card|cal)dav" replacement: "https://${1}/remote.php/dav/" keycloak: headers: customResponseHeaders: X-Robots-Tag: "noindex, nofollow" referrerPolicy: "same-origin" hostsProxyHeaders: - "X-Forwarded-Host" customRequestHeaders: X-Forwarded-Proto: "https" X-Scheme: https serversTransports: insecureskipverify: insecureSkipVerify: true