From 072a7d9cf801ee897b400238cdb620fd40f3270d Mon Sep 17 00:00:00 2001
From: Markus Hauschild <markus@moepman.eu>
Date: Wed, 6 Apr 2016 10:10:06 +0200
Subject: [PATCH] Add recommended headers to owncloud vhost.

---
 roles/owncloud/templates/certs.j2 | 2 +-
 roles/owncloud/templates/vhost.j2 | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/owncloud/templates/certs.j2 b/roles/owncloud/templates/certs.j2
index adfdc29..0605855 100644
--- a/roles/owncloud/templates/certs.j2
+++ b/roles/owncloud/templates/certs.j2
@@ -5,7 +5,7 @@
   user: root
   group: root
   perm: '400'
-  format: crt
+  format: crt,ca
   notify: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ owncloud_domain }}.key
   user: root
diff --git a/roles/owncloud/templates/vhost.j2 b/roles/owncloud/templates/vhost.j2
index 4344160..67bfe47 100644
--- a/roles/owncloud/templates/vhost.j2
+++ b/roles/owncloud/templates/vhost.j2
@@ -23,6 +23,13 @@ server {
 	ssl_certificate_key /etc/nginx/ssl/{{ owncloud_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ owncloud_domain }}.crt;
 
+	# Add headers to serve security related headers
+	#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+	add_header X-Content-Type-Options nosniff;
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Robots-Tag none;
+
 	root /var/www/owncloud/;
 
 	# set max upload size