Add traefik configuration under version control
parent
7c9c9f0f22
commit
40e2908af4
3 changed files with 124 additions and 4 deletions
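--- a/docker/traefik/dynamic.toml
+++ b/docker/traefik/dynamic.toml
@@ -0,0 +1,80 @@
+[http.middlewares.authentik.forwardAuth]
+address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
+trustForwardHeader = true
+authResponseHeaders = [
+"X-authentik-username",
+"X-authentik-groups",
+"X-authentik-email",
+"X-authentik-name",
+"X-authentik-uid",
+"X-authentik-jwt",
+"X-authentik-meta-jwks",
+"X-authentik-meta-outpost",
+"X-authentik-meta-provider",
+"X-authentik-meta-app",
+"X-authentik-meta-version",
+]
+
+[http.middlewares.compress.compress]
+
+[http.middlewares.http2https.redirectScheme]
+scheme = "https"
+permanent = true
+
+[http.middlewares.secHeaders.headers]
+browserXssFilter = true
+contentTypeNosniff = true
+frameDeny = true
+sslRedirect = true
+stsIncludeSubdomains = true
+stsPreload = true
+stsSeconds = 31_536_000
+customFrameOptionsValue = "SAMEORIGIN"
+referrerPolicy = "strict-origin-when-cross-origin"
+accesscontrolAllowMethods = ["GET", "OPTIONS", "POST"]
+accesscontrolAllowOriginList = ["https://korhonen.cc"]
+accessControlAllowHeaders = [
+"Accept",
+"Accept-Encoding",
+"Accept-Language",
+"Access-Control-Request-Headers",
+"Access-Control-Request-Method",
+"Connection",
+"Content-Type",
+"DNT",
+"Host",
+"Origin",
+"Referer",
+"Sec-Fetch-Dest",
+"Sec-Fetch-Mode",
+"Sec-Fetch-Site",
+"User-Agent",
+]
+accesscontrolMaxAge = 100
+addVaryHeader = true
+
+[http.middlewares.nextcloud-redirect-dav.redirectRegex]
+permanent = true
+regex = "https://(.*)/.well-known/(card|cal)dav"
+replacement = "https://${1}/remote.php/dav/"
+
+[http.middlewares.nextcloud-redirect-extra.redirectRegex]
+permanent = true
+regex = "https://(.*)/.well-known/(webfinger|nodeinfo)"
+replacement = "https://${1}/index.php/.well-known/${2}"
+
+[http.middlewares.www2non-www.redirectregex]
+permanent = true
+regex = "^https?://www\\.(.+)"
+replacement = "https://${1}"
+
+[tls.options.default]
+minVersion = "VersionTLS12"
+cipherSuites = [
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+]
+
+[tls.options.mintls13]
+minVersion = "VersionTLS13"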
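Review bot: In `[http.middlewares.secHeaders.headers]`, `frameDeny = true` and `customFrameOptionsValue = "SAMEORIGIN"` are both set, and Traefik documents the custom value as overriding `frameDeny`, so the header actually sent is `X-Frame-Options: SAMEORIGIN` rather than `DENY`; keep only the one that is intended. In the same table, `sslRedirect = true` duplicates what the `http2https` redirectScheme middleware already does and is a deprecated headers option in recent Traefik releases (the target version is not visible here), so I would drop it. On the forwardAuth middleware, `trustForwardHeader = true` passes any incoming `X-Forwarded-*` headers to authentik as-is, which is only sound if the entryPoints' `forwardedHeaders` settings in the static configuration (not part of this file) do not accept them from arbitrary clients; a comment such as `# relies on entryPoints.*.forwardedHeaders.trustedIPs being restricted` above that key would record the dependency.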