marcio.fernandes/nextcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ingress/internal: relax security
All checks were successful
/ continuous-deploy (push) Successful in 23s
Details

Browse Source 
ingress/public: disabled authentik-forward-auth (problems with phone clients)
middlewares/rate-limit: increase values
middlewares/security-headers:- added sts -  fix nextcloud warning Some headers are not set correctly on your instance - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS
This commit is contained in:
Márcio Fernandes
2026-04-16 19:47:11 +00:00
parent 663049fb89
commit 5acca5d4c7
3 changed files with 15 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
deploy/infra/ingress-web.yaml
View File

@@ -14,59 +14,14 @@ spec:
- main: cloud.limbosolutions.com
routes:
# # AUTHENTIK OUTPOST
# - match: Host(`cloud.limbosolutions.com`) && PathPrefix(`/outpost.goauthentik.io`)
# kind: Rule
# services:
# - name: ak-outpost-authentik-embedded-outpost
# namespace: id-limbosolutions-com
# port: 9000
# # PUBLIC SHARES (NO SSO)
# - match: Host(`cloud.limbosolutions.com`) &&
# (PathPrefix(`/s/`) ||
# PathPrefix(`/index.php/s/`) ||
# PathPrefix(`/public.php/`) ||
# PathPrefix(`/remote.php/dav/public-files/`))
# kind: Rule
# services:
# - name: nextcloud
# port: 8080
# middlewares:
# - name: rate-limit
# - name: nextcloud-security-headers
# # Sync clients + mobile app (no SSO)
# - match: Host(`cloud.limbosolutions.com`) &&
# (PathPrefix(`/remote.php/dav`) ||
# PathPrefix(`/remote.php/webdav`) ||
# PathPrefix(`/remote.php/caldav`) ||
# PathPrefix(`/remote.php/carddav`) ||
# PathPrefix(`/ocs/v1.php`) ||
# PathPrefix(`/ocs/v2.php`) ||
# PathPrefix(`/status.php`) ||
# PathPrefix(`/index.php/login/v2`) ||
# PathPrefix(`/index.php/login/v2/poll`))
# kind: Rule
# services:
# - name: nextcloud
# port: 8080
# middlewares:
# #- name: webdav-strip-auth
# #- name: rate-limit
# 3) EVERYTHING ELSE (SSO REQUIRED)
- match: Host(`cloud.limbosolutions.com`)
kind: Rule
services:
- name: nextcloud
port: 8080
middlewares: []
#- name: authentik-forward-auth
#- name: nextcloud-security-headers
#- name: rate-limit
middlewares:
- name: nextcloud-security-headers
- name: rate-limit