From 5e8b9b5544266b56929da972312b9f6c4c34aceb Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Sat, 21 Sep 2024 12:03:26 +0200
Subject: [PATCH] chore(nextcloud): docs of new headers
Signed-off-by: WrenIX
---
 charts/nextcloud/README.md | 29 +++++++++++++++++++++++++++++
 charts/nextcloud/values.yaml | 3 ++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md
index 62e033ef..6855864c 100644
--- a/charts/nextcloud/README.md
+++ b/charts/nextcloud/README.md
@@ -20,6 +20,7 @@ helm install my-release nextcloud/nextcloud
 * [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
 * [Persistence Configurations](#persistence-configurations)
 * [Metrics Configurations](#metrics-configurations)
+ * [Headers set on nginx](#headers-set-on-nginx)
 * [Probes Configurations](#probes-configurations)
 * [Cron jobs](#cron-jobs)
 * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
@@ -398,6 +399,34 @@ helm install --name my-release -f values.yaml nextcloud/nextcloud > **Tip**: You can use the default [values.yaml](values.yaml) +### Headers set on NGINX + +It is possible to set any additional header + +| Parameter | Description | Default | +|------------------------------|-------------------------------------|-----------| +| `nginx.config.headers.` | Headers which are added with nginx | | + + +Following keys are already set with this values: + - Referrer-Policy: `no-referrer` + - X-Content-Type-Options: `nosniff` + - X-Download-Options: `noopen` + - X-Frame-Options: `SAMEORIGIN` + - X-Permitted-Cross-Domain-Policies: `none` + - X-Robots-Tag: `noindex, nofollow` + - X-XSS-Protection: `1; mode=block` + +Maybe you like to set: + - Strict-Transport-Security: `max-age=15768000; includeSubDomains; preload;` +> [!WARNING] +> Only add the preload option once you read about +> the consequences in https://hstspreload.org/. This option +> will add the domain to a hardcoded list that is shipped +> in all major browsers and getting removed from this list +> could take several months. + + ### Probes Configurations The nextcloud deployment includes a series of different probes you can use to determine if a pod is ready or not. You can learn more in the [Configure Liveness, Readiness and Startup Probes Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 8d4b8196..92e7cc91 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
@@ -338,7 +338,8 @@ nginx:
 # will add the domain to a hardcoded list that is shipped
 # in all major browsers and getting removed from this list
 # could take several months.
- # example: hsts: "max-age=15768000; includeSubDomains; preload;"
+ # Example:
+ # "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;"
 "Strict-Transport-Security": ""
 "Referrer-Policy": "no-referrer"
 "X-Content-Type-Options": "nosniff"
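Review bot: The new example comment pairs `preload` with `max-age=15768000` (about six months), but hstspreload.org only accepts domains that send a max-age of at least one year, so the value as written would not qualify for the list the warning above describes. Because an example is what operators copy, I would show the non-preload form first, `# "Strict-Transport-Security": "max-age=15768000; includeSubDomains"`, and give the preload variant on its own line as `# "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"`. A short comment that `includeSubDomains` forces HTTPS on every subdomain of the host would also help, since a subdomain still served over plain HTTP becomes unreachable in browsers that have cached the policy. The same example string appears in the README hunk and should change with it. The `nginx:` block continues outside this hunk, so how the template treats the empty-string default (header omitted or sent empty) is not visible here and is worth stating in the comment.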