From 8d5e6e78b37716c9d7ac26c63e28bb3e88faf31d Mon Sep 17 00:00:00 2001 From: WrenIX Date: Thu, 19 Sep 2024 20:02:00 +0200 Subject: [PATCH] fix(nginx): add option to easy set HSTS Signed-off-by: WrenIX --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/files/nginx.config.tpl | 4 +++- charts/nextcloud/values.yaml | 10 ++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index c4f004aa..835b1e70 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 6.0.0 +version: 6.0.1 appVersion: 30.0.0 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl index 8d98440a..f541c705 100644 --- a/charts/nextcloud/files/nginx.config.tpl +++ b/charts/nextcloud/files/nginx.config.tpl @@ -11,7 +11,9 @@ server { # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + {{- with .Values.nginx.config.header.hsts }} + add_header Strict-Transport-Security {{ . | quote }} always; + {{- end }} # set max upload size client_max_body_size 10G; diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 0a6ad0ad..b10ec04d 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
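Review bot: The new `add_header Strict-Transport-Security` line is emitted at `server` level, and nginx inherits `add_header` into a `location` only when that location declares no `add_header` of its own. The rest of the `server` block lies outside this hunk, so it cannot be confirmed from here whether any location sets its own headers; if one does, responses served from it will lack HSTS even with the value configured. I would add a comment above the `with` block, e.g. `# NOTE: locations that define their own add_header do not inherit this one; repeat HSTS there.`, and check a static-asset response with the option enabled. Separately, `{{ . | quote }}` assumes a string, so the values documentation should state that the key takes a single string holding the full header value.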
@@ -328,6 +328,16 @@ nginx: config: # This generates the default nginx config as per the nextcloud documentation default: true + header: + # -- HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + # example: hsts: "max-age=15768000; includeSubDomains; preload;" + hsts: + custom: # custom: |- # worker_processes 1;..
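Review bot: The only example given for `hsts` carries both `includeSubDomains` and `preload`, the two directives that are hardest to undo, so an operator who copies it enables exactly what the warning above it cautions against. I would make the example the conservative form, `# example: hsts: "max-age=15768000"`, and describe the other two directives in a separate sentence that notes `includeSubDomains` applies the policy to every subdomain of the host. The bare `hsts:` also parses as null; writing `hsts: ""` states the disabled default explicitly and still leaves the `with` guard in nginx.config.tpl false.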