truenas/test/nextcloud/1.3.6/templates/nginx-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: "nginx-configuration"
data:
  config: |-
    http {
      # redirects all http requests to https requests
      server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$host$request_uri;
      }

      server {
        server_name localhost;

        listen 443 ssl http2;
        listen [::]:433 ssl http2;

        ssl_certificate /etc/nginx/public.crt
        ssl_certificate_key /etc/nginx/private.key

        ssl_session_timeout 120m;
        ssl_session_cache   shared:ssl:16m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

        add_header Strict-Transport-Security max-age=31536000;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1";


        # maximum 3GB Upload File; change to fit your needs
        client_max_body_size 3G;

        location / {
          # We clear this as we will be adding it in our reverse proxy
          more_clear_headers 'Strict-Transport-Security';
          proxy_pass http://localhost:80;
          # set proper x-forwarded-headers
          # proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld;
          # proxy_set_header 'X-Forwarded-Proto' https;
          # -For and -IP:
          # see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip
          proxy_set_header 'X-Forwarded-For' $remote_addr;
          proxy_set_header 'X-Forwarded-IP' $remote_addr;
        }
      }
    }