Skip to content

Commit

Permalink
chore(nextcloud): docs of new headers
Browse files Browse the repository at this point in the history
Signed-off-by: WrenIX <[email protected]>
  • Loading branch information
wrenix committed Oct 22, 2024
1 parent b0af62e commit 5e8b9b5
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
29 changes: 29 additions & 0 deletions charts/nextcloud/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ helm install my-release nextcloud/nextcloud
* [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
* [Persistence Configurations](#persistence-configurations)
* [Metrics Configurations](#metrics-configurations)
* [Headers set on nginx](#headers-set-on-nginx)
* [Probes Configurations](#probes-configurations)
* [Cron jobs](#cron-jobs)
* [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
Expand Down Expand Up @@ -398,6 +399,34 @@ helm install --name my-release -f values.yaml nextcloud/nextcloud
> **Tip**: You can use the default [values.yaml](values.yaml)
### Headers set on NGINX
It is possible to set any additional header
| Parameter | Description | Default |
|------------------------------|-------------------------------------|-----------|
| `nginx.config.headers.<key>` | Headers which are added with nginx | |
Following keys are already set with this values:
- Referrer-Policy: `no-referrer`
- X-Content-Type-Options: `nosniff`
- X-Download-Options: `noopen`
- X-Frame-Options: `SAMEORIGIN`
- X-Permitted-Cross-Domain-Policies: `none`
- X-Robots-Tag: `noindex, nofollow`
- X-XSS-Protection: `1; mode=block`
Maybe you like to set:
- Strict-Transport-Security: `max-age=15768000; includeSubDomains; preload;`
> [!WARNING]
> Only add the preload option once you read about
> the consequences in https://hstspreload.org/. This option
> will add the domain to a hardcoded list that is shipped
> in all major browsers and getting removed from this list
> could take several months.
### Probes Configurations
The nextcloud deployment includes a series of different probes you can use to determine if a pod is ready or not. You can learn more in the [Configure Liveness, Readiness and Startup Probes Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/).
Expand Down
3 changes: 2 additions & 1 deletion charts/nextcloud/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -338,7 +338,8 @@ nginx:
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
# example: hsts: "max-age=15768000; includeSubDomains; preload;"
# Example:
# "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;"
"Strict-Transport-Security": ""
"Referrer-Policy": "no-referrer"
"X-Content-Type-Options": "nosniff"
Expand Down

0 comments on commit 5e8b9b5

Please sign in to comment.