From 635b2e914ad72ae4aee91230f67420978a3dd145 Mon Sep 17 00:00:00 2001
From: Bert Van den Abbeele <bert_vandenabbeele@hotmail.com>
Date: Sat, 26 Oct 2024 18:36:18 +0200
Subject: [PATCH 1/2] Create romm.subdomain.conf.sample

create conf file
---
 romm.subdomain.conf.sample | 55 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 romm.subdomain.conf.sample

diff --git a/romm.subdomain.conf.sample b/romm.subdomain.conf.sample
new file mode 100644
index 0000000..06317e3
--- /dev/null
+++ b/romm.subdomain.conf.sample
@@ -0,0 +1,55 @@
+## Version 2024/10/26
+# make sure that your romM container is named romm
+# make sure that your dns has a cname set for romm
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name romm.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app romm;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+        # Hide version
+        server_tokens off;
+
+        # Security headers
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    }
+}
\ No newline at end of file

From 18707c1177923192abbfbae9d8ab8db37bb80d54 Mon Sep 17 00:00:00 2001
From: Bert Van den Abbeele <bert_vandenabbeele@hotmail.com>
Date: Wed, 27 Nov 2024 12:21:00 +0100
Subject: [PATCH 2/2] remove optional headers

---
 romm.subdomain.conf.sample | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/romm.subdomain.conf.sample b/romm.subdomain.conf.sample
index 06317e3..07c34d4 100644
--- a/romm.subdomain.conf.sample
+++ b/romm.subdomain.conf.sample
@@ -42,14 +42,5 @@ server {
         set $upstream_proto http;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
-        # Hide version
-        server_tokens off;
-
-        # Security headers
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header Referrer-Policy "no-referrer-when-downgrade" always;
     }
 }
\ No newline at end of file