From 95d78e3675b92541d75d21a3f1e23369505971bd Mon Sep 17 00:00:00 2001
From: Benoit <forgejo@benoit.jp.net>
Date: Sat, 15 Feb 2025 08:39:30 +0900
Subject: [PATCH] Add navidrome

---
 03frontends.cfg |  5 ++++-
 05backends.cfg  | 11 +++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/03frontends.cfg b/03frontends.cfg
index 93bcf1a..4055669 100644
--- a/03frontends.cfg
+++ b/03frontends.cfg
@@ -311,14 +311,16 @@ frontend frontend_default
   acl linkding hdr(host) -i linkding.benoit.jp.net
   acl mastodon hdr(host) -i mastodon.benoit.jp.net
   acl miniflux hdr(host) -i miniflux.benoit.jp.net
+  acl navidrome hdr(host) -i navidrome.jp.net
   acl photoprism hdr(host) -i photoprism.benoit.jp.net
   acl vaultwarden hdr(host) -i vaultwarden.benoit.jp.net
-  acl www hdr(host) -i www.benoit.jp.net
   acl www hdr(host) -i benoit.jp.net
+  acl www hdr(host) -i www.benoit.jp.net
 
   http-request deny if adguard !JP !SG !letsencrypt
   http-request deny if kanboard !JP !SG !letsencrypt
   http-request deny if miniflux !JP !SG !letsencrypt
+  http-request deny if navidrome !JP !SG !letsencrypt
   http-request deny if photoprism !JP !SG !letsencrypt
   http-request deny if vaultwarden !JP !SG !letsencrypt
 
@@ -331,6 +333,7 @@ frontend frontend_default
   use_backend linkding if linkding
   use_backend mastodon if mastodon
   use_backend miniflux if miniflux
+  use_backend navidrome if navidrome
   use_backend photoprism if photoprism
   use_backend vaultwarden if vaultwarden
   use_backend www if www
diff --git a/05backends.cfg b/05backends.cfg
index 7b4af39..84b02f6 100644
--- a/05backends.cfg
+++ b/05backends.cfg
@@ -125,3 +125,14 @@ backend www
   http-response set-header Cross-Origin-Resource-Policy "same-origin"
   http-response set-header Cache-Control max-age=31536000
   server www www.incus:80 check
+
+backend navidrome
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  http-response set-header Cache-Control max-age=31536000
+  server navidrome navidrome.incus:4533 check