From 177477d3cb14336f356ad65fd6d59e0c0ce616bd Mon Sep 17 00:00:00 2001
From: szaimen
Date: Fri, 6 May 2022 17:03:54 +0200
Subject: [PATCH] improve the traefik reverse proxy documentation

Signed-off-by: szaimen
---
 reverse-proxy.md | 59 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 42 insertions(+), 17 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 2f60eec0..ec65204e 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -80,25 +80,50 @@ Unfortunately it is not possible to configure nginx-proxy in a way that works be
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
-Add a `nc.toml` to the Treafik rules folder with the following content:
+1. Add a `nextcloud.toml` to the Treafik rules folder with the following content:

-```toml
-[http.routers]
- [http.routers.nc-rtr]
- entryPoints = ["https"]
- rule = "Host()"
- service = "nc-svc"
- middlewares = ["chain-no-auth"]
- [http.routers.nc-rtr.tls]
- certresolver = "le"
+ ```toml
+ [http.routers]
+ [http.routers.nc-rtr]
+ entryPoints = ["https"]
+ rule = "Host()"
+ service = "nc-svc"
+ middlewares = ["chain-no-auth"]
+ [http.routers.nc-rtr.tls]
+ certresolver = "le"

-[http.services]
- [http.services.nc-svc]
- [http.services.nc-svc.loadBalancer]
- passHostHeader = true
- [[http.services.nc-svc.loadBalancer.servers]]
- url = "http://:11000"
-```
+ [http.services]
+ [http.services.nc-svc]
+ [http.services.nc-svc.loadBalancer]
+ passHostHeader = true
+ [[http.services.nc-svc.loadBalancer.servers]]
+ url = "http://:11000"
+ ```
+
+2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
+
+ ```toml
+ [http.middlewares.nc-middlewares-secure-headers]
+ [http.middlewares.nc-middlewares-secure-headers.headers]
+ hostsProxyHeaders = ["X-Forwarded-Host"]
+ sslRedirect = true
+ stsSeconds = 63072000
+ stsIncludeSubdomains = true
+ stsPreload = true
+ forceSTSHeader = true
+ referrerPolicy = "same-origin"
+ X-Robots-Tag = "none"
+ ```
+
+3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
+
+ ```toml
+ [http.middlewares.chain-nc]
+ [http.middlewares.chain-nc.chain]
+ middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]
+ ```
+
+---
 Of course you need to modify `` to the domain on which you want to run Nextcloud.
You will also need to modify `` to the private ip-address of the host that is running the docker daemon. **Advice:** the `nextcloud-aio-mastercontainer` is **NOT** running the docker daemon. The host itself is running the docker daemon.
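Review bot: The router in step 1 still lists `middlewares = ["chain-no-auth"]`, so the `chain-nc` chain added in step 3, and with it the HSTS and referrer-policy headers from step 2, is defined but never attached to the Nextcloud route; a reader who copies all three snippets gets none of the new headers. If the chain is meant to apply, the router line should read `middlewares = ["chain-nc"]`. `X-Robots-Tag = "none"` also sits directly in the `headers` table, where Traefik expects its own option names; arbitrary response headers normally go in a `customResponseHeaders` sub-table, so this key is likely ignored or rejected as written. The chain further references `middlewares-rate-limit`, which none of the snippets defines, so the text should say it must already exist in the reader's `middlewares.toml`.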