http:
  routers:
    nextcloud:
      rule: 'Host(`nextcloud.{{ env "DOMAIN" }}`)'
      entryPoints:
        - websecure
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certResolver: letsencrypt

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://nextcloud-aio-apache:11000"

  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - X-Forwarded-Host
        customRequestHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: same-origin

    nextcloud-dav:
      redirectRegex:
        regex: "^https://([^/]+)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"
        permanent: true

    nextcloud-chain:
      chain:
        middlewares:
          - nextcloud-dav
          - nextcloud-secure-headers