Fix small issues with nextcloud

- HSTS header was not working
- Disable log files
- Specify trusted proxies

roles/haproxy/files/haproxy.cfg

@@ -25,24 +25,39 @@ defaults
 	errorfile 503 /usr/local/etc/haproxy/errors/503.http
 	errorfile 504 /usr/local/etc/haproxy/errors/504.http
 
-frontend www
+
+frontend http
     mode http
     bind :80
-    bind :443 ssl crt /usr/local/etc/haproxy/certs
 
     acl has_domain hdr_sub(host) -i comfycamp.space
-
     http-request redirect scheme https if !{ ssl_fc } has_domain
-    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
-    http-request set-header X-Forwarded-Proto https if { ssl_fc }
-    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { ssl_fc } has_domain
 
-    acl host_mastodon hdr(host) -i m.comfycamp.space
+    http-request set-header X-Forwarded-Proto http
+    
     acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
     acl path_streaming_api path_beg /api/v1/streaming
-    use_backend mastodon_streaming if host_mastodon path_streaming_api
     use_backend mastodon_streaming if host_mastodon_tor path_streaming_api
-    use_backend mastodon if host_mastodon || host_mastodon_tor
+    use_backend mastodon if host_mastodon_tor
+    
+    acl host_peertube_tor hdr(host) -i vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion
+    use_backend peertube if host_peertube_tor
+    
+    acl host_comfycamp_tor hdr(host) -i comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion
+    use_backend comfycamp if host_comfycamp_tor
+
+
+frontend https
+    mode http
+    bind :443 ssl crt /usr/local/etc/haproxy/certs
+
+    http-request set-header X-Forwarded-Proto https
+    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
+
+    acl host_mastodon hdr(host) -i m.comfycamp.space
+    acl path_streaming_api path_beg /api/v1/streaming
+    use_backend mastodon_streaming if host_mastodon path_streaming_api
+    use_backend mastodon if host_mastodon
 
     acl host_xmpp hdr(host) -i xmpp.comfycamp.space
     acl host_xmpp_uploads hdr(host) -i upload.comfycamp.space
@@ -57,8 +72,7 @@ frontend www
     use_backend minio if host_s3
 
     acl host_peertube hdr(host) -i v.comfycamp.space
-    acl host_peertube_tor hdr(host) -i vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion
-    use_backend peertube if host_peertube || host_peertube_tor
+    use_backend peertube if host_peertube
 
     acl host_authentik hdr(host) -i auth.comfycamp.space
     use_backend authentik if host_authentik
@@ -74,8 +88,7 @@ frontend www
     use_backend immich if host_immich
 
     acl host_comfycamp hdr(host) -i comfycamp.space
-    acl host_comfycamp_tor hdr(host) -i comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion
-    use_backend comfycamp if host_comfycamp || host_comfycamp_tor
+    use_backend comfycamp if host_comfycamp
 
     acl host_vaultwarden hdr(host) -i vault.comfycamp.space
     use_backend vaultwarden if host_vaultwarden
@@ -95,6 +108,7 @@ frontend www
     acl host_mta_sts hdr(host) -i mta-sts.comfycamp.space
     use_backend mta_sts if host_mta_sts
 
+
 frontend matrix-federation
     bind :8448 ssl crt /usr/local/etc/haproxy/certs
     http-request set-header X-Forwarded-Proto https if { ssl_fc }

roles/nextcloud/templates/config.php.j2

@@ -24,6 +24,7 @@ $CONFIG = array (
   'mail_smtppassword' => '{{ smtp_password }}',
   'maintenance' => false,
   'loglevel' => 2,
+  'log_type' => 'errorlog',
   'memcache.local' => '\\OC\\Memcache\\APCu',
   'memcache.distributed' => '\\OC\\Memcache\\Redis',
   'memcache.locking' => '\\OC\\Memcache\\Redis',
@@ -39,6 +40,9 @@ $CONFIG = array (
     '{{ domain }}',
     {% endfor %}
   ],
+  'trusted_proxies' => [
+    '172.24.0.0/16',
+  ],
   'config_is_read_only' => true,
   'ldapUserCleanupInterval' => 0,
   'auth.storeCryptedPassword' => false,