From 145dcfe3fb486522e0e724dbafc5c70b85ea39a3 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Tue, 24 Aug 2021 01:12:12 -0500
Subject: [PATCH] Add Redis for Nextcloud, plus some config tuning

---
 playbooks/prod_web.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/playbooks/prod_web.yml b/playbooks/prod_web.yml
index f61f88f..05d9238 100755
--- a/playbooks/prod_web.yml
+++ b/playbooks/prod_web.yml
@@ -72,11 +72,18 @@
             ssl_certificate_key /etc/letsencrypt/live/desu.ltd/privkey.pem;
             ssl_trusted_certificate /etc/letsencrypt/live/desu.ltd/chain.pem;
             ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+            add_header Strict-Transport-Security "max-age=31536000";
             location / {
               proxy_set_header Host $host;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_pass http://nextcloud:80;
             }
+            location ^~ /.well-known {
+              location = /.well-known/carddav { return 301 /remote.php/dav/; }
+              location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+              location ^~ /.well-known        { return 301 /index.php$uri; }
+              try_files $uri $uri/ =404;
+            }
           }
           server {
             listen 443 ssl;
@@ -96,6 +103,7 @@
       include_tasks: tasks/app/{{ task }}
       with_items:
         - gulagbot.yml
+        - redis.yml
       loop_control:
         loop_var: task
       tags: [ always ]