diff --git a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml index c05d7d8e..6cebfa75 100644 --- a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: MariaDB is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/mariadb diff --git a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml index 64faef6c..61a13058 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: MariaDB is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/mariadb @@ -45,7 +46,7 @@ services: - 127.0.0.1:8080:80 volumes: # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html - - ./web/nginx.conf:/etc/nginx/nginx.conf:ro + - ./web/nginx.conf:/etc/nginx/nginx.conf:ro # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing) - nextcloud:/var/www/html:z,ro depends_on: diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index 0d67b8b0..2735ab5d 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; 
@@ -162,13 +161,13 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } # Serve static files - location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; @@ -176,12 +175,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/insecure/postgres/apache/compose.yaml b/.examples/docker-compose/insecure/postgres/apache/compose.yaml index 8ae34013..12e62c60 100644 --- a/.examples/docker-compose/insecure/postgres/apache/compose.yaml +++ b/.examples/docker-compose/insecure/postgres/apache/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: PostgreSQL is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/postgres diff --git a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml index 8a88afd4..87d8e292 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml +++ b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: PostgreSQL is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/postgres 
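Review bot: The comment added on the `fastcgi_request_buffering on;` line spells the header `ContentLength` where the name is `Content-Length`, and it does not say what the setting costs. With buffering on, nginx reads the whole request body before passing it to PHP-FPM, so large uploads are held in the web container's client-body buffer or temp files first; whether a body-size limit or temp path is configured is not visible in this hunk. I would write `# Required: PHP-FPM does not support chunked transfer encoding and needs a valid Content-Length header; nginx spools the full upload before forwarding it.` The same line appears in the three other `fpm/web/nginx.conf` copies in this diff (insecure/postgres, with-nginx-proxy/mariadb, with-nginx-proxy/postgres). The enclosing `location` block starts outside the hunk.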
@@ -40,7 +41,7 @@ services: - 127.0.0.1:8080:80 volumes: # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html - - ./web/nginx.conf:/etc/nginx/nginx.conf:ro + - ./web/nginx.conf:/etc/nginx/nginx.conf:ro # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing) - nextcloud:/var/www/html:z,ro depends_on: diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index 0d67b8b0..2735ab5d 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,13 +161,13 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } # Serve static files - location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; 
@@ -176,12 +175,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml index e1132818..6e8a9972 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: MariaDB is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/mariadb diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml index 13d4a40b..128ccf89 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: MariaDB is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/mariadb @@ -44,7 +45,7 @@ services: restart: always volumes: # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html - - ./web/nginx.conf:/etc/nginx/nginx.conf:ro + - ./web/nginx.conf:/etc/nginx/nginx.conf:ro # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing) - nextcloud:/var/www/html:z,ro environment: @@ -105,7 +106,7 @@ services: depends_on: - proxy -# self signed, outdated. +# self signed, outdated. # omgwtfssl: # image: paulczar/omgwtfssl # restart: "no" 
diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index f3f90640..1c118539 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -162,13 +161,13 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } # Serve static files - location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; @@ -176,12 +175,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml b/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml index 035359f0..d5365ca8 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml 
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: PostgreSQL is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/postgres diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml index 78654edd..1a632966 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml @@ -1,3 +1,4 @@ +--- services: # Note: PostgreSQL is an external service. You can find more information about the configuration here: # https://hub.docker.com/_/postgres diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index f3f90640..1c118539 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -83,7 +83,6 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; 
@@ -162,13 +161,13 @@ http { fastcgi_pass php-handler; fastcgi_intercept_errors on; - fastcgi_request_buffering off; + fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header. fastcgi_max_temp_file_size 0; } # Serve static files - location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ { + location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463$asset_immutable"; add_header Referrer-Policy "no-referrer" always; @@ -176,12 +175,7 @@ http { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets - - location ~ \.wasm$ { - default_type application/wasm; - } } location ~ \.(otf|woff2?)$ { diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index e8b70226..844787c0 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -1,3 +1,4 @@ +--- name: Images on: @@ -5,7 +6,7 @@ on: workflow_run: workflows: ["update.sh"] branches: [master] - types: + types: - completed defaults: diff --git a/.github/workflows/update-sh.yml b/.github/workflows/update-sh.yml index efb8283c..fd9eb8cd 100644 --- a/.github/workflows/update-sh.yml +++ b/.github/workflows/update-sh.yml @@ -1,11 +1,12 @@ +--- name: update.sh on: push: branches: - - master + - master schedule: - - cron: '15 18 * * *' + - cron: '15 18 * * *' workflow_dispatch: jobs: 
@@ -13,17 +14,17 @@ jobs: name: Run update.sh script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Run update.sh script - run: ./update.sh - - name: Commit files - run: | - git config --local user.email "workflow@github.com" - git config --local user.name "GitHub Workflow" - git add -A - git commit -m "Runs update.sh" || echo "Nothing to update" - - name: Push changes - uses: ad-m/github-push-action@master - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - force: true + - uses: actions/checkout@v4 + - name: Run update.sh script + run: ./update.sh + - name: Commit files + run: | + git config --local user.email "workflow@github.com" + git config --local user.name "GitHub Workflow" + git add -A + git commit -m "Runs update.sh" || echo "Nothing to update" + - name: Push changes + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + force: true