From 6aff683f504ff27f927f737c3a234fc6cb2d9094 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Wed, 18 Dec 2024 09:22:06 +0100 Subject: [PATCH 1/3] Changes for nextcloud 30 --- nextcloud/nginx.conf | 18 ++++++++++++------ proxy/docker-compose.yaml | 1 - 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf index dd2e803..a3727d7 100644 --- a/nextcloud/nginx.conf +++ b/nextcloud/nginx.conf @@ -127,7 +127,7 @@ http { # Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. - return 301 https://$host:443/index.php$request_uri; + return 301 https://$host:443/index.php$request_uri; } # Rules borrowed from `.htaccess` to hide certain paths from clients @@ -164,12 +164,12 @@ http { # Javascript mimetype fixes for nginx # Note: The block below should be removed, and the js|mjs section should be - # added to the block below this one. This is a temporary fix until Nginx + # added to the block below this one. This is a temporary fix until Nginx # upstream fixes the js mime-type location ~* \.(?:js|mjs)$ { - types { + types { text/javascript js mjs; - } + } default_type "text/javascript"; try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; @@ -177,9 +177,15 @@ http { } # Serve static files - location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; - add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + add_header Cache-Control "public, max-age=15778463$asset_immutable"; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index 1670926..262e603 100755 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml @@ -15,7 +15,6 @@ services: - ${STORAGE_PATH}/caddy/data:/data - ${STORAGE_PATH}/caddy/config:/config - ${WWW_PATH}:/usr/share/caddy:ro - environment: - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER} - NETCUP_API_KEY=${NETCUP_API_KEY} From b343d7660de4afe73019f8448e23eb60b49e3c5e Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Mon, 23 Dec 2024 15:11:55 +0100 Subject: [PATCH 2/3] remove www from start script --- start-all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/start-all.sh b/start-all.sh index 7d0ea6e..2846ba4 100755 --- a/start-all.sh +++ b/start-all.sh @@ -9,7 +9,6 @@ up proxy; up nextcloud; up git; up wallabag; -up www; up firefoxsync; up push; up rustdesk; From 0587f0e56ae125d6ef574aeafe7b2c952ad46335 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Mon, 23 Dec 2024 15:12:10 +0100 Subject: [PATCH 3/3] fix healthcheck of nextcloud db --- nextcloud/docker-compose.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml index 59fe9eb..644f0fd 100644 --- a/nextcloud/docker-compose.yaml +++ b/nextcloud/docker-compose.yaml @@ -111,9 +111,12 @@ services: - nextcloud - mariadb healthcheck: - test: ["CMD", "mysqladmin" ,"--user" ,"$MYSQL_USER" ,"--password=$MYSQL_PASSWORD" ,"ping" ,"-h" ,"localhost"] - interval: 20s - timeout: 3s + test: [ "CMD", "healthcheck.sh", "--connect", "--innodb_initialized" ] + start_period: 1m + start_interval: 10s + interval: 1m + timeout: 5s + retries: 3 labels: - "docker.group=netxtcloud"