Consolidated HTTP Security Headers (CSP not working yet)

Jan Beilicke 2020-04-04 23:50:06 +02:00
parent b375e7519a
commit ac66074c2d


@ -43,18 +43,17 @@ services:
- "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav" - "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/" - "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true" - "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true" - "traefik.http.middlewares.nextcloud-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000" - "traefik.http.middlewares.nextcloud-headers.headers.browserXSSFilter=true"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-header" - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.SSLRedirect=true" - "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true"
- "traefik.frontend.headers.browserXSSFilter=true" - "traefik.http.middlewares.nextcloud-headers.headers.STSSeconds=315360000"
- "traefik.frontend.headers.contentTypeNosniff=true" - "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.forceSTSHeader=true" - "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true"
- "traefik.frontend.headers.STSSeconds=315360000" - "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'"
- "traefik.frontend.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
- "traefik.frontend.headers.STSPreload=true" #- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.frontend.headers.frameDeny=true" - "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers"
- "traefik.frontend.passHostHeader=true"
{% if nextcloud_enable_restic_compose_backup %} {% if nextcloud_enable_restic_compose_backup %}
- "restic-compose-backup.volumes=true" - "restic-compose-backup.volumes=true"
- "restic-compose-backup.volumes.include=nextcloud" - "restic-compose-backup.volumes.include=nextcloud"
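Review bot: The new `customFrameOptionsValue` label is declared under the middleware name `nextcloud`, not `nextcloud-headers`, while the router only attaches `nextcloud-rep,nextcloud-headers`, so this setting appears never to be applied. Because the commit also drops the old `frameDeny=true` label, the proxy likely no longer sets any X-Frame-Options value; the label should read `- "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"`. In the commented-out CSP, `frame-ancestors 'none'` contradicts the SAMEORIGIN framing choice and `form-action 'none'` would block every form submission. A policy set at the proxy is also enforced in addition to any CSP the application already sends, so it can only tighten that policy, which may explain "not working yet". A short comment above the disabled line recording why it is off would help the next person who enables it.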