Add CSP header for nextcloud

author: Patrick Spek <p.spek@tyil.nl> 2023-07-27 17:15:56 +0200
committer: Patrick Spek <p.spek@tyil.nl> 2023-07-27 17:15:56 +0200
commit: 35a881c6c1d7c26e1878cc38430af4a8a197bcc2 (patch)
tree: 529ef7250d1b8fe3c8e040dca0a4b26e634b386c
parent: defeb201b5292566cc93bd5559c13009a26cee38 (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..e3b4179
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: headers-nextcloud
+  namespace: kube-system
+spec:
+  headers:
+    stsPreload: true
+    forceSTSHeader: true
+    contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+...
diff --git a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
index 106926f..ac616a0 100644
--- a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
@@ -11,6 +11,7 @@ metadata:
     app.kubernetes.io/part-of: personal-services
   annotations:
     cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-nextcloud@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:
author	Patrick Spek <p.spek@tyil.nl>	2023-07-27 17:15:56 +0200
committer	Patrick Spek <p.spek@tyil.nl>	2023-07-27 17:15:56 +0200
commit	35a881c6c1d7c26e1878cc38430af4a8a197bcc2 (patch)
tree	529ef7250d1b8fe3c8e040dca0a4b26e634b386c
parent	defeb201b5292566cc93bd5559c13009a26cee38 (diff)