Merge pull request #592 from nextcloud/enh/543/treafik

improve the traefik reverse proxy documentation

reverse-proxy.md

@@ -86,7 +86,7 @@ Pull requests are very welcome!
 
 **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
 
-Add a `nc.toml` to the Treafik rules folder with the following content:
+1. Add a `nextcloud.toml` to the Treafik rules folder with the following content:
 
     ```toml
     [http.routers]
@@ -106,6 +106,31 @@ Add a `nc.toml` to the Treafik rules folder with the following content:
                     url = "http://<private.ip.address.of.the.host>:11000"
     ```
 
+2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
+
+    ```toml
+    [http.middlewares.nc-middlewares-secure-headers]
+        [http.middlewares.nc-middlewares-secure-headers.headers]
+            hostsProxyHeaders = ["X-Forwarded-Host"]
+            sslRedirect = true
+            stsSeconds = 63072000
+            stsIncludeSubdomains = true
+            stsPreload = true
+            forceSTSHeader = true
+            referrerPolicy = "same-origin"
+            X-Robots-Tag = "none"
+    ```
+
+3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
+
+    ```toml
+    [http.middlewares.chain-nc]
+        [http.middlewares.chain-nc.chain]
+            middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]
+    ```
+
+---
+
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. You will also need to modify `<private.ip.address.of.the.host>` to the private ip-address of the host that is running the docker daemon. **Advice:** the `nextcloud-aio-mastercontainer` is **NOT** running the docker daemon. The host itself is running the docker daemon.
 
 </details>