#67 Try Traefik middleware for Nextcloud

Per: https://www.smarthomebeginner.com/traefik-docker-nextcloud/
2022-11-21 14:56:00 -08:00 · 2022-11-21 14:56:00 -08:00 · a779a2959f
commit a779a2959f
parent 1f208d8302
2 changed files with 25 additions and 1 deletions
--- a/server/config/nextcloud/docker-compose.yml
+++ b/server/config/nextcloud/docker-compose.yml
@ -16,6 +16,7 @@ services:
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.jafner.net`)
      - traefik.http.routers.nextcloud.tls.certresolver=lets-encrypt
      - traefik.http.routers.nextcloud.middlewares=nextcloud@file
      #- traefik.http.services.nextcloud.loadbalancer.server.scheme=https
      #- traefik.http.services.nextcloud.loadbalancer.server.port=443
    networks:
--- a/server/config/traefik/config/middlewares.yaml
+++ b/server/config/traefik/config/middlewares.yaml
@ -52,3 +52,26 @@ http:
        trustForwardHeader: true
        authResponseHeaders:
          - X-Forwarded-User
    nextcloud-middlewares-secure-headers:
      headers:
        accessControlMaxAge: 100
        sslRedirect: true
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr.
        contentTypeNosniff: true
        browserXssFilter: true
        sslForceHost: true 
        sslHost: "nextcloud.jafner.net"
        referrerPolicy: "no-referrer"
        #contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none"
          server: ""
      redirectRegex:
        permanent: true
        regex: "https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"