diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ea344e2..1fda195 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -33,7 +33,7 @@ traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)" traefik.http.routers.nextcloud.entrypoints: websecure traefik.http.routers.nextcloud.tls.certresolver: letsencrypt - traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav" + traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud@file,nextcloud-webdav" traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav" traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/" traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true" diff --git a/roles/traefik/templates/security.yml.j2 b/roles/traefik/templates/security.yml.j2 index 4aaa9af..e2c728c 100644 --- a/roles/traefik/templates/security.yml.j2 +++ b/roles/traefik/templates/security.yml.j2 @@ -5,6 +5,9 @@ tls: http: middlewares: + nextcloud: + headers: + customFrameOptionsValue: SAMEORIGIN securehttps: headers: frameDeny: true