From cc47e2b531ad17d4935f5af631e744b0c6f11f5c Mon Sep 17 00:00:00 2001
From: Christian Galo <christian.galo@outlook.com>
Date: Tue, 28 May 2024 20:02:04 +0000
Subject: [PATCH] Update nginx and nextcloud images to latest versions

---
 compose.yaml    | 11 +++++++----
 nginx.conf.tmpl | 15 +++++++++------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/compose.yaml b/compose.yaml
index 1bbd8e1..647ea06 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,6 @@
 services:
   web:
-    image: nginx:1.25.1
+    image: nginx:1.26.0
     configs:
       - source: nginx_conf
         target: /etc/nginx/nginx.conf
@@ -32,6 +32,9 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "caddy=${DOMAIN}"
+        - "caddy.reverse_proxy={{upstreams 80}}"
+        - "caddy.tls.on_demand="
     healthcheck:
       test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php |  grep "installed\":true"']
       interval: 30s
@@ -40,7 +43,7 @@ services:
       start_period: 5m
 
   app:
-    image: nextcloud:27.0.1-fpm
+    image: nextcloud:29.0.0-fpm
     depends_on:
       - db
     configs:
@@ -94,7 +97,7 @@ services:
       start_period: 5m
 
   cron:
-    image: nextcloud:27.0.1-fpm
+    image: nextcloud:29.0.0-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -106,7 +109,7 @@ services:
     entrypoint: /cron.sh
 
   cache:
-    image: redis:7.0.12-alpine
+    image: redis:7.2.4-alpine
     networks:
       - internal
     volumes:
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
index f0e8219..d585a3b 100644
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@@ -11,6 +11,9 @@ events {
 
 http {
     include       /etc/nginx/mime.types;
+    types {
+        application/javascript js mjs;
+    }
     default_type  application/octet-stream;
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -59,12 +62,12 @@ http {
         #pagespeed off;
 
         # HTTP response headers borrowed from Nextcloud `.htaccess`
-        add_header Referrer-Policy                      "no-referrer"   always;
-        add_header X-Content-Type-Options               "nosniff"       always;
-        add_header X-Download-Options                   "noopen"        always;
-        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-        add_header X-Robots-Tag                         "none"          always;
-        add_header X-XSS-Protection                     "1; mode=block" always;
+        add_header Referrer-Policy                      "no-referrer"       always;
+        add_header X-Content-Type-Options               "nosniff"           always;
+        add_header X-Download-Options                   "noopen"            always;
+        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
+        add_header X-Robots-Tag                         "noindex, nofollow" always;
+        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         {{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
         add_header Content-Security-Policy              "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";