marcio.fernandes/nextcloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5acca5d4c7a6341268c96e95a1e82f5a3ffedd6b
nextcloud/deploy/infra/ingress-web-public.yaml
Márcio Fernandes 5acca5d4c7
All checks were successful
/ continuous-deploy (push) Successful in 23s
Details
ingress/internal: relax security 
ingress/public: disabled authentik-forward-auth (problems with phone clients)
middlewares/rate-limit: increase values
middlewares/security-headers:- added sts -  fix nextcloud warning Some headers are not set correctly on your instance - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS
2026-04-16 19:47:11 +00:00

76 lines
2.0 KiB
YAML
Raw Blame History

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-web-public
annotations:
kubernetes.io/ingress.class: traefik-public
spec:
entryPoints:
- websecure
tls:
secretName: cloud-limbosolutions-com-tls
domains:
- main: cloud.limbosolutions.com
routes:
# AUTHENTIK OUTPOST
- match: Host(`cloud.limbosolutions.com`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: id-limbosolutions-com
port: 9000
middlewares:
- name: nextcloud-security-headers
- name: rate-limit
# PUBLIC SHARES (NO SSO)
- match: Host(`cloud.limbosolutions.com`) &&
(PathPrefix(`/s/`) ||
PathPrefix(`/index.php/s/`) ||
PathPrefix(`/public.php/`) ||
PathPrefix(`/remote.php/dav/public-files/`))
kind: Rule
services:
- name: nextcloud
port: 8080
middlewares:
- name: rate-limit
- name: nextcloud-security-headers
# Sync clients + mobile app (no SSO)
- match: Host(`cloud.limbosolutions.com`) &&
(PathPrefix(`/remote.php/dav`) ||
PathPrefix(`/remote.php/webdav`) ||
PathPrefix(`/remote.php/caldav`) ||
PathPrefix(`/remote.php/carddav`) ||
PathPrefix(`/ocs/v1.php`) ||
PathPrefix(`/ocs/v2.php`) ||
PathPrefix(`/status.php`) ||
PathPrefix(`/index.php/login/v2`) ||
PathPrefix(`/index.php/login/v2/poll`))
kind: Rule
services:
- name: nextcloud
port: 8080
middlewares:
- name: webdav-strip-auth
- name: rate-limit
# 3) EVERYTHING ELSE (SSO REQUIRED)
- match: Host(`cloud.limbosolutions.com`)
kind: Rule
services:
- name: nextcloud
port: 8080
middlewares:
# - name: authentik-forward-auth
- name: nextcloud-security-headers
- name: rate-limit
Reference in New Issue View Git Blame Copy Permalink