align nginx and Caddy config with official Nextcloud docs

Move security headers to Caddy (edge proxy), remove nginx gzip (Caddy already compresses), add asset_immutable map for versioned cache control, add missing static file extensions, fix .well-known block, and hide X-Powered-By header.
2026-03-22 17:58:26 +01:00
parent ac3bff9351
commit b918e713e5
2 changed files with 16 additions and 9 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -14,6 +14,11 @@ nextcloud.t-gstone.de {
 	reverse_proxy nextcloud-nginx:80

 	header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	header Referrer-Policy "no-referrer"
+	header X-Content-Type-Options "nosniff"
+	header X-Frame-Options "SAMEORIGIN"
+	header X-Permitted-Cross-Domain-Policies "none"
+	header X-Robots-Tag "noindex, nofollow"

 	request_body {
 		max_size 10G