diff --git a/.idea/digitalboard.core.iml b/.idea/digitalboard.core.iml
new file mode 100644
index 0000000..0f200bc
--- /dev/null
+++ b/.idea/digitalboard.core.iml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..03d9549
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/material_theme_project_new.xml b/.idea/material_theme_project_new.xml
new file mode 100644
index 0000000..e41ef6e
--- /dev/null
+++ b/.idea/material_theme_project_new.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..1d3ce46
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..fd05160
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..d5bdd28
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/notes-nextcloud b/notes-nextcloud
new file mode 100644
index 0000000..3d852a2
--- /dev/null
+++ b/notes-nextcloud
@@ -0,0 +1,93 @@
+version: "3.9"
+
+# ⛵ Nextcloud + Collabora (CODE) behind Traefik (TLS at Traefik)
+# Replace all occurrences of cloud.digitalboard.ch and office.example.com with your domains.
+
+services:
+ db:
+ image: postgres:16-alpine
+ container_name: nextcloud-postgres
+ restart: always
+ environment:
+ POSTGRES_DB: nextcloud
+ POSTGRES_USER: nextcloud
+ POSTGRES_PASSWORD: PVgvn5w06yvN7K8QwKacLrGNtvQformw
+ volumes:
+ - /srv/data/nextcloud/postgresql/data:/var/lib/postgresql/data
+ networks:
+ - internal
+
+ redis:
+ image: redis:7-alpine
+ container_name: nextcloud-redis
+ restart: always
+ command: ["redis-server", "--appendonly", "yes"]
+ volumes:
+ - /srv/data/nextcloud/redis/data:/data
+ networks:
+ - internal
+
+ nextcloud:
+ image: nextcloud:apache
+ container_name: nextcloud
+ restart: always
+ depends_on:
+ - db
+ - redis
+ environment:
+ POSTGRES_HOST: db
+ POSTGRES_DB: nextcloud
+ POSTGRES_USER: nextcloud
+ POSTGRES_PASSWORD: PVgvn5w06yvN7K8QwKacLrGNtvQformw
+ NEXTCLOUD_ADMIN_USER: tinfoil
+ NEXTCLOUD_ADMIN_PASSWORD: Wkcox8ZD05po1rq60Y4h2cIenws7hF7F
+ REDIS_HOST: redis
+ # REDIS_HOST_PASSWORD: ""
+ PHP_MEMORY_LIMIT: 1024M
+ PHP_UPLOAD_LIMIT: 2048M
+ OVERWRITEPROTOCOL: https
+ OVERWRITEHOST: cloud.digitalboard.ch
+ TRUSTED_PROXIES: "172.18.0.0/16"
+ volumes:
+ - /srv/data/nextcloud/nextcloud/:/var/www/html
+ - ./servername.conf:/etc/apache2/conf-enabled/servername.conf
+ networks:
+ - internal
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=proxy
+ - traefik.http.routers.nextcloud.rule=Host(`cloud.digitalboard.ch`)
+ - traefik.http.routers.nextcloud.entrypoints=web
+ - traefik.http.services.nextcloud.loadbalancer.server.port=80
+ # Ensure Nextcloud always sees HTTPS from the double proxy:
+ - traefik.http.middlewares.nc-https.headers.customrequestheaders.X-Forwarded-Proto=https
+ - traefik.http.routers.nextcloud.middlewares=nc-wellknown,nc-https
+ # Well-known DAV:
+ - traefik.http.middlewares.nc-wellknown.redirectregex.permanent=true
+ - traefik.http.middlewares.nc-wellknown.redirectregex.regex=^https?://([^/]+)/.well-known/(card|cal)dav
+ - traefik.http.middlewares.nc-wellknown.redirectregex.replacement=https://$${1}/remote.php/dav/
+
+ collabora:
+ image: collabora/code:latest
+ container_name: collabora
+ restart: always
+ environment:
+ domain: ^cloud\.example\.com$
+ extra_params: --o:ssl.enable=false --o:ssl.termination=true
+ username: admin
+ password: change_me
+ cap_add:
+ - MKNOD
+ networks:
+ - proxy
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.collabora.rule=Host(`office-intern.example.com`)
+ - traefik.http.routers.collabora.entrypoints=web
+ - traefik.http.services.collabora.loadbalancer.server.port=9980
+
+networks:
+ internal:
+ proxy:
+ external: true
\ No newline at end of file
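Review bot: The database and Nextcloud admin passwords are committed in plaintext on both `POSTGRES_PASSWORD` lines (the `db` and `nextcloud` services) and on `NEXTCLOUD_ADMIN_PASSWORD`, so they should be treated as exposed and rotated. Supply them from outside the repository instead, for example `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}`, or `POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password` backed by a compose `secrets:` entry. The `collabora` service has the same problem in a weaker form: `password: change_me` is a placeholder that will ship as the real admin password unless it is replaced. Its `domain: ^cloud\.example\.com$` also does not match the `cloud.digitalboard.ch` host used by the Nextcloud router, so the allowed-host restriction presumably does not cover the real instance. `collabora/code:latest` and `nextcloud:apache` are floating tags; pinning a version (or a digest) keeps a `restart: always` stack from silently picking up a new image.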
diff --git a/roles/reverseproxy/templates/middlewares.yml.j2 b/roles/reverseproxy/templates/middlewares.yml.j2
index ba022a4..4273796 100644
--- a/roles/reverseproxy/templates/middlewares.yml.j2
+++ b/roles/reverseproxy/templates/middlewares.yml.j2
@@ -1,47 +1,11 @@
-{% if enable_dashboard %}
-api:
- dashboard: true
- insecure: true
-{% endif %}
-
-{% if enable_access_logs %}
-accessLog:
- format: {{ access_log_format }}
-{% endif %}
-
-entryPoints:
- web:
- address: ":80"
-{% if use_ssl %}
- http:
- redirections:
- entryPoint:
- to: websecure
- scheme: https
-{% endif %}
- websecure:
- address: ":443"
-
-providers:
-{% if use_static_services | default(false) %}
- file:
- filename: /etc/traefik/services.yml
- watch: true
-{% endif %}
-{% if use_docker_provider | default(true) %}
- docker:
- endpoint: "unix:///var/run/docker.sock"
- exposedByDefault: false
-{% endif %}
-
-certificatesResolvers:
- letsencrypt:
- acme:
- email: admin@digitalboard.ch
- storage: /letsencrypt/acme.json
- httpChallenge:
- entryPoint: web
-
-global:
- checkNewVersion: false
- sendAnonymousUsage: false
\ No newline at end of file
+http:
+ middlewares:
+ secure-headers:
+ headers:
+ frameDeny: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ forceSTSHeader: true
+ stsSeconds: 31536000
+ stsIncludeSubdomains: true
+ stsPreload: true
\ No newline at end of file
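Review bot: `stsPreload: true` combined with `stsIncludeSubdomains: true` and a one-year `stsSeconds` is a long-lived commitment for the whole domain, and `forceSTSHeader: true` sends the header even when Traefik itself sees the request as plain HTTP. If any subdomain is not yet HTTPS-only, I would start with a shorter `stsSeconds` and no `stsPreload`, and raise both once that is confirmed. `frameDeny: true` blocks framing wherever this middleware is attached, so it presumably should not go on the Collabora router, whose editor Nextcloud embeds in a frame. Nothing visible in this diff references `secure-headers`, so a comment above it such as `# Attach only to routers that are HTTPS end to end; not for Collabora (framed by Nextcloud)` would record the intent. The removed static configuration (entry points, providers, ACME resolver) is presumably moved to another template that is not shown here; worth confirming it was not dropped.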