Add nextcloud redis and global security headers

2026-06-23 01:50:51 +01:00
parent 2dfe47eb03
commit 5ada0d4411
2 changed files with 29 additions and 8 deletions
@@ -5,47 +5,58 @@
}
}
(security_headers) {
header {
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "no-referrer"
Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
X-XSS-Protection "1; mode=block"
X-Permitted-Cross-Domain-Policies "none"
}
}
bulba.space {
root * /var/www/site
file_server
import web_analytics
import security_headers
}
freshrss.bulba.space {
reverse_proxy freshrss:80
import web_analytics
import security_headers
}
vikunja.bulba.space {
reverse_proxy vikunja:3456
import web_analytics
import security_headers
}
blog.bulba.space {
root * /var/www/blog
file_server
import web_analytics
import security_headers
}
gitea.bulba.space {
reverse_proxy gitea:3000
import web_analytics
import security_headers
}
jellyfin.bulba.space {
reverse_proxy jellyfin:8096
import web_analytics
import security_headers
}
nextcloud.bulba.space {
header {
X-Robots-Tag "noindex, nofollow"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
Referrer-Policy "no-referrer"
Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
X-XSS-Protection: "1; mode=block"
X-Permitted-Cross-Domain-Policies "none"
}
request_body {
@@ -82,9 +93,12 @@ nextcloud.bulba.space {
close
}
import web_analytics
import security_headers
}
metrics.bulba.space {
import security_headers
import web_analytics
basic_auth {
admin $2a$14$/pMYYzIlniwZgFO7IvNCveax0OXzRpzROnE5krjtiZi5OhECQwpNi
}
@@ -107,4 +121,5 @@ collabora.bulba.space {
}
}
import web_analytics
import security_headers
}
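Review bot: The `security_headers` snippet sends `Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"` from every site, including the apex `bulba.space`, but a 180-day max-age is below the one-year minimum the browser preload list asks for, so `preload` is either inert or a commitment made by accident. Decide which is meant: drop the `preload` token, or raise the value to `max-age=31536000` knowing that `includeSubDomains` at the apex forces HTTPS on every subdomain and that removal from the preload list is slow. `X-XSS-Protection "1; mode=block"` is a legacy header that current guidance sets to `0` or omits; a `Content-Security-Policy` is the header that would add protection here. The snippet also puts `X-Frame-Options "SAMEORIGIN"` on `collabora.bulba.space`, which Nextcloud normally loads in a frame from a different origin, so it is worth confirming that document editing still works.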
@@ -27,14 +27,15 @@
MYSQL_DATABASE = "nextcloud";
MYSQL_USER = "nextcloud";
MYSQL_PASSWORD = config.sops.secrets.nextcloud-db_password.path;
REDIS_HOST = "nextcloud-redis";
};
volumes = [
"/home/cianh/Nextcloud/:/var/www/html"
];
extraConfig = {
Unit = {
After = "podman-nextcloud-db.service";
Requires = "podman-nextcloud-db.service";
After = [ "podman-nextcloud-db.service" "podman-nextcloud-redis.service" ];
Requires = [ "podman-nextcloud-db.service" "podman-nextcloud-redis.service" ];
};
};
};
@@ -52,6 +53,11 @@
"/home/cianh/nextcloud_db:/var/lib/mysql"
];
};
nextcloud-redis = {
image = "docker.io/library/redis:alpine";
autoUpdate = "registry";
network = ["nextcloud-net"];
};
nextcloud-collabora = {
image = "docker.io/collabora/code:latest";
autoUpdate = "registry";
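Review bot: The new `nextcloud-redis` container runs without authentication, so any container attached to `nextcloud-net` can read and change what Nextcloud keeps there; if this is the official Nextcloud image, setting `REDIS_HOST` typically moves PHP sessions and file locks into Redis. Start Redis with `--requirepass` fed from a sops secret and give Nextcloud the same value through `REDIS_HOST_PASSWORD`, rather than relying on the network boundary alone. `image = "docker.io/library/redis:alpine"` together with `autoUpdate = "registry"` pulls whatever the floating tag points to at update time; pinning a version tag or digest keeps those updates reviewable.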