Maj nextcloud + fix cors

2022-09-13 19:50:02 +02:00 · 2022-09-13 19:50:02 +02:00 · ace9ab6887
commit ace9ab6887
parent 7d8bb7ae4e
2 changed files with 8 additions and 5 deletions
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -16,6 +16,7 @@ networks:
 services:
  nextcloud-app:
    image: nextcloud-cron:23.0.9
+    build: .
    container_name: nextcloud-app
    restart: unless-stopped
    extra_hosts :
@ -40,7 +41,7 @@ services:
      traefik.http.services.nextcloud-web.loadbalancer.server.port: 80
      traefik.enable: true
      # https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html
-      traefik.http.routers.nextcloud-web.middlewares: nextcloud-web@docker
+      traefik.http.routers.nextcloud-web.middlewares: nextcloud-web@docker, allowFrameAndCORS@file
      traefik.http.middlewares.nextcloud-web.redirectregex.permanent: true
      traefik.http.middlewares.nextcloud-web.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
      traefik.http.middlewares.nextcloud-web.redirectregex.replacement: "https://$${1}/remote.php/dav/"
@ -48,7 +49,7 @@ services:

  redis:
    image: redis
-    image: 'bitnami/redis:7.0.2'
+    image: 'bitnami/redis:7.0.4'
    container_name: redis
    environment:
      - "TZ=Europe/Paris"
@ -59,7 +60,7 @@ services:


  nextcloud-db:
-    image: postgres:11
+    image: postgres:11.17-bullseye
    container_name: nextcloud-db
    volumes:
      - nextcloud-db:/var/lib/postgresql/data
@ -93,5 +94,6 @@ services:
      traefik.http.routers.collabora.entrypoints: websecure
      traefik.http.routers.collabora.rule: Host(`code.oasis21.org`)
      traefik.http.services.collabora.loadbalancer.server.port: 9980
+      traefik.http.routers.collabora.middlewares: allowFrameAndCORS@file
      traefik.enable: true

--- a/traefik/traefik_dynamic.toml
+++ b/traefik/traefik_dynamic.toml
@ -18,7 +18,7 @@
    frameDeny = true
    stsIncludeSubdomains = true
    stsPreload = true
-    customFrameOptionsValue = "SAMEORIGIN"
+    customFrameOptionsValue = "ALLOW-FROM https://code.oasis21.org https://cloud.oasis21.org"
    referrerPolicy = "same-origin"
    permissionsPolicy = "vibrate='self'"
    stsSeconds = 315360000
@ -27,7 +27,8 @@
    excludedContentTypes = ["text/event-stream"]

  [http.middlewares.allowFrameAndCORS.headers]
-    contentSecurityPolicy = "frame-ancestors *"
+    customFrameOptionsValue = "ALLOW-FROM https://code.oasis21.org"
+    contentSecurityPolicy = "frame-ancestors * cloud.oasis21.org"
    accessControlAllowHeaders = ["*"]
    accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
    accessControlAllowOriginList = ["*"]