From 35a881c6c1d7c26e1878cc38430af4a8a197bcc2 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Thu, 27 Jul 2023 17:15:56 +0200
Subject: Add CSP header for nextcloud
---
.../kube-system/treafik/middleware-headers-nextcloud.yaml | 12 ++++++++++++
.../mieshu/personal-services/nextcloud/ingress.yaml | 1 +
2 files changed, 13 insertions(+)
create mode 100644 data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
(limited to 'data.d')
diff --git a/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..e3b4179
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-nextcloud
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+...
diff --git a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
index 106926f..ac616a0 100644
--- a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
@@ -11,6 +11,7 @@ metadata:
app.kubernetes.io/part-of: personal-services
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-nextcloud@kubernetescrd
spec:
ingressClassName: traefik
tls:
--
cgit v1.1