fix(nginx): add option to easy set HSTS

Signed-off-by: WrenIX <dev.github@wrenix.eu>
wrenix · Sep 19, 2024 · 1aab73f · 1aab73f
1 parent 13cba3b
commit 1aab73f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl
@@ -11,7 +11,9 @@ server {
     # will add the domain to a hardcoded list that is shipped
     # in all major browsers and getting removed from this list
     # could take several months.
-    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    {{- with .Values.nginx.config.header.hsts }}
+    add_header Strict-Transport-Security {{ . | quote }} always;
+    {{- end }}
 
     # set max upload size
     client_max_body_size 10G;

diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
@@ -330,6 +330,16 @@ nginx:
   config:
     # This generates the default nginx config as per the nextcloud documentation
     default: true
+    header:
+      # -- HSTS settings
+      # WARNING: Only add the preload option once you read about
+      # the consequences in https://hstspreload.org/. This option
+      # will add the domain to a hardcoded list that is shipped
+      # in all major browsers and getting removed from this list
+      # could take several months.
+      # example: hsts: "max-age=15768000; includeSubDomains; preload;"
+      hsts:
+
     custom:
     # custom: |-
     #     worker_processes  1;..