fix(nginx): add option to easy set HSTS

Signed-off-by: WrenIX <[email protected]>
nextcloud · Sep 19, 2024 · 8d5e6e7 · 8d5e6e7
1 parent b25b4ad
commit 8d5e6e7
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 6.0.0
+version: 6.0.1
 appVersion: 30.0.0
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:

diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl
@@ -11,7 +11,9 @@ server {
     # will add the domain to a hardcoded list that is shipped
     # in all major browsers and getting removed from this list
     # could take several months.
-    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    {{- with .Values.nginx.config.header.hsts }}
+    add_header Strict-Transport-Security {{ . | quote }} always;
+    {{- end }}
 
     # set max upload size
     client_max_body_size 10G;

diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
@@ -328,6 +328,16 @@ nginx:
   config:
     # This generates the default nginx config as per the nextcloud documentation
     default: true
+    header:
+      # -- HSTS settings
+      # WARNING: Only add the preload option once you read about
+      # the consequences in https://hstspreload.org/. This option
+      # will add the domain to a hardcoded list that is shipped
+      # in all major browsers and getting removed from this list
+      # could take several months.
+      # example: hsts: "max-age=15768000; includeSubDomains; preload;"
+      hsts:
+
     custom:
     # custom: |-
     #     worker_processes  1;..