Adding nextcloud changes to make it more secure
This commit is contained in:
Moritz Graf
parent
9a1a6b6bf4
commit
07722671d4
|
|
@ -73,6 +73,11 @@ k apply -f openebs/storageclass.yml
|
||||||
|
|
||||||
Switching to [Bitnami chart](https://artifacthub.io/packages/helm/bitnami/minio) as "normal" chart just too big.
|
Switching to [Bitnami chart](https://artifacthub.io/packages/helm/bitnami/minio) as "normal" chart just too big.
|
||||||
|
|
||||||
|
Links:
|
||||||
|
|
||||||
|
* [minio-console.haumdaucher.de](minio-console.haumdaucher.de)
|
||||||
|
* [minio.haumdaucher.de](minio.haumdaucher.de)
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
helm repo update
|
helm repo update
|
||||||
helm upgrade --install -f minio/minio.secret.yaml --namespace minio --create-namespace minio bitnami/minio
|
helm upgrade --install -f minio/minio.secret.yaml --namespace minio --create-namespace minio bitnami/minio
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -1,18 +1,64 @@
|
||||||
|
phpClientHttpsFix:
|
||||||
|
enabled: "true"
|
||||||
|
protocol: "https"
|
||||||
|
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ingressClass: nginx
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
kubernetes.io/ingress.class: "nginx"
|
||||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
|
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||||
|
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
|
||||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
||||||
|
nginx.ingress.kubernetes.io/server-snippet: |-
|
||||||
|
server_tokens off;
|
||||||
|
proxy_hide_header X-Powered-By;
|
||||||
|
|
||||||
|
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
||||||
|
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 $scheme://$host/remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "cloud.haumdaucher.de"
|
- "cloud.haumdaucher.de"
|
||||||
secretName: cloud-haumdaucher-de
|
secretName: cloud-haumdaucher-de
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
host: "cloud.haumdaucher.de"
|
host: "cloud.haumdaucher.de"
|
||||||
username: admin
|
username: admin
|
||||||
password: loKeengoo6OoZaevahZai4Hie
|
password: loKeengoo6OoZaevahZai4Hie
|
||||||
|
configs:
|
||||||
|
proxy.config.php: |-
|
||||||
|
<?php
|
||||||
|
$CONFIG = array (
|
||||||
|
'trusted_proxies' => array(
|
||||||
|
0 => '127.0.0.1',
|
||||||
|
1 => '10.0.0.0/8',
|
||||||
|
2 => '136.243.23.215',
|
||||||
|
),
|
||||||
|
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
|
||||||
|
);
|
||||||
cronjob:
|
cronjob:
|
||||||
enabled: true
|
enabled: true
|
||||||
internalDatabase:
|
internalDatabase:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue