Add HSTS headers for all pages
This commit is contained in:
parent
e849d8d7cc
commit
e0fef53231
|
@ -20,13 +20,14 @@ env_file = [".env"]
|
|||
networks = ["authentik", "postgres", "proxy"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.authentik-redirect.entrypoints=http",
|
||||
"traefik.http.routers.authentik-redirect.rule=Host(`sso.korhonen.cc`)",
|
||||
"traefik.http.routers.authentik-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.authentik.entrypoints=https",
|
||||
"traefik.http.routers.authentik.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.authentik.rule=Host(`sso.korhonen.cc`)",
|
||||
"traefik.http.routers.authentik.service=authentik",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.authentik.loadbalancer.server.port=9000",
|
||||
]
|
||||
|
||||
|
|
|
@ -13,13 +13,14 @@ volumes = [
|
|||
]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.freshrss-redirect.entrypoints=http",
|
||||
"traefik.http.routers.freshrss-redirect.rule=Host(`rss.korhonen.cc`)",
|
||||
"traefik.http.routers.freshrss-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.freshrss.entrypoints=https",
|
||||
"traefik.http.routers.freshrss.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.freshrss.rule=Host(`rss.korhonen.cc`)",
|
||||
"traefik.http.routers.freshrss.service=freshrss",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.freshrss.loadbalancer.server.port=80",
|
||||
]
|
||||
|
||||
|
@ -34,13 +35,14 @@ volumes = [
|
|||
networks = ["freshrss", "proxy"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.bibliogram-redirect.entrypoints=http",
|
||||
"traefik.http.routers.bibliogram-redirect.rule=Host(`bibliogram.korhonen.cc`)",
|
||||
"traefik.http.routers.bibliogram-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.bibliogram.entrypoints=https",
|
||||
"traefik.http.routers.bibliogram.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.bibliogram.rule=Host(`bibliogram.korhonen.cc`)",
|
||||
"traefik.http.routers.bibliogram.service=bibliogram",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.bibliogram.loadbalancer.server.port=10407",
|
||||
]
|
||||
|
||||
|
|
|
@ -10,13 +10,14 @@ ports = ["3000:3000", "22:22"]
|
|||
volumes = ["/docker/gitea:/data", "/etc/localtime:/etc/localtime:ro"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.gitea-redirect.entrypoints=http",
|
||||
"traefik.http.routers.gitea-redirect.rule=Host(`git.korhonen.cc`)",
|
||||
"traefik.http.routers.gitea-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.gitea.entrypoints=https",
|
||||
"traefik.http.routers.gitea.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.gitea.rule=Host(`git.korhonen.cc`)",
|
||||
"traefik.http.routers.gitea.service=gitea",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.gitea.loadbalancer.server.port=3000",
|
||||
]
|
||||
|
||||
|
|
|
@ -15,13 +15,14 @@ ports = ["8123:8123", "8300:8300"]
|
|||
depends_on = ["mosquitto"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.home-assistant-redirect.entrypoints=http",
|
||||
"traefik.http.routers.home-assistant-redirect.rule=Host(`home.korhonen.cc`)",
|
||||
"traefik.http.routers.home-assistant-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.home-assistant.entrypoints=https",
|
||||
"traefik.http.routers.home-assistant.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.home-assistant.rule=Host(`home.korhonen.cc`)",
|
||||
"traefik.http.routers.home-assistant.service=home-assistant",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.home-assistant.loadbalancer.server.port=8123",
|
||||
]
|
||||
|
||||
|
@ -70,13 +71,14 @@ restart = "unless-stopped"
|
|||
depends_on = ["home-assistant"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.node-red-redirect.entrypoints=http",
|
||||
"traefik.http.routers.node-red-redirect.rule=Host(`node.korhonen.cc`)",
|
||||
"traefik.http.routers.node-red-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.node-red.entrypoints=https",
|
||||
"traefik.http.routers.node-red.rule=Host(`node.korhonen.cc`)",
|
||||
"traefik.http.routers.node-red.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.node-red.service=node-red",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.node-red.loadbalancer.server.port=1880",
|
||||
]
|
||||
|
||||
|
|
|
@ -9,13 +9,14 @@ networks = ["proxy"]
|
|||
restart = "unless-stopped"
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.index-redirect.entrypoints=http",
|
||||
"traefik.http.routers.index-redirect.rule=Host(`index.korhonen.cc`)",
|
||||
"traefik.http.routers.index-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.index.entrypoints=https",
|
||||
"traefik.http.routers.index.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.index.rule=Host(`index.korhonen.cc`)",
|
||||
"traefik.http.routers.index.service=index",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.index.loadbalancer.server.port=80",
|
||||
]
|
||||
|
||||
|
|
|
@ -19,13 +19,14 @@ devices = [
|
|||
]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.jellyfin-redirect.entrypoints=http",
|
||||
"traefik.http.routers.jellyfin-redirect.rule=Host(`jellyfin.korhonen.cc`)",
|
||||
"traefik.http.routers.jellyfin-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.jellyfin.entrypoints=https",
|
||||
"traefik.http.routers.gitea.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.jellyfin.rule=Host(`jellyfin.korhonen.cc`)",
|
||||
"traefik.http.routers.jellyfin.service=jellyfin",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.jellyfin.loadbalancer.server.port=8096",
|
||||
]
|
||||
|
||||
|
|
|
@ -3,18 +3,22 @@
|
|||
[services.nginx]
|
||||
image = "nginx"
|
||||
container_name = "korhonen.cc"
|
||||
volumes = ["/docker/korhonen.cc:/korhonen.cc:ro", "./nginx.conf:/etc/nginx/conf.d/default.conf"]
|
||||
volumes = [
|
||||
"/docker/korhonen.cc:/korhonen.cc:ro",
|
||||
"./nginx.conf:/etc/nginx/conf.d/default.conf",
|
||||
]
|
||||
networks = ["proxy"]
|
||||
restart = "unless-stopped"
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.korhonen-redirect.entrypoints=http",
|
||||
"traefik.http.routers.korhonen-redirect.rule=Host(`korhonen.cc`)",
|
||||
"traefik.http.routers.korhonen-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.korhonen.entrypoints=https",
|
||||
"traefik.http.routers.korhonen.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.korhonen.rule=Host(`korhonen.cc`)",
|
||||
"traefik.http.routers.korhonen.service=korhonen",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.korhonen.loadbalancer.server.port=80",
|
||||
]
|
||||
|
||||
|
|
|
@ -14,13 +14,14 @@ cap_add = ["NET_ADMIN"]
|
|||
restart = "unless-stopped"
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.pihole-redirect.entrypoints=http",
|
||||
"traefik.http.routers.pihole-redirect.rule=Host(`pihole.korhonen.cc`)",
|
||||
"traefik.http.routers.pihole-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.pihole.entrypoints=https",
|
||||
"traefik.http.routers.pihole.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.pihole.rule=Host(`pihole.korhonen.cc`)",
|
||||
"traefik.http.routers.pihole.service=pihole",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.pihole.loadbalancer.server.port=80",
|
||||
]
|
||||
|
||||
|
|
|
@ -19,15 +19,16 @@ volumes = [
|
|||
]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.redirect.entrypoints=http",
|
||||
"traefik.http.routers.redirect.rule=Host(`traefik.korhonen.cc`)",
|
||||
"traefik.http.routers.redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.dashboard.entrypoints=https",
|
||||
"traefik.http.routers.dashboard.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.dashboard.rule=Host(`traefik.korhonen.cc`)",
|
||||
"traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users",
|
||||
"traefik.http.routers.dashboard.middlewares=dashboard-auth",
|
||||
"traefik.http.routers.dashboard.service=api@internal",
|
||||
"traefik.docker.network=proxy",
|
||||
]
|
||||
|
||||
[services.fail2ban]
|
||||
|
|
|
@ -16,13 +16,14 @@ restart = "unless-stopped"
|
|||
networks = ["proxy"]
|
||||
labels = [
|
||||
"traefik.enable=true",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.routers.tvheadend-redirect.entrypoints=http",
|
||||
"traefik.http.routers.tvheadend-redirect.rule=Host(`tvheadend.korhonen.cc`)",
|
||||
"traefik.http.routers.tvheadend-redirect.middlewares=http2https@file",
|
||||
"traefik.http.routers.tvheadend.entrypoints=https",
|
||||
"traefik.http.routers.tvheadend.middlewares=secHeaders@file",
|
||||
"traefik.http.routers.tvheadend.rule=Host(`tvheadend.korhonen.cc`)",
|
||||
"traefik.http.routers.tvheadend.service=tvheadend",
|
||||
"traefik.docker.network=proxy",
|
||||
"traefik.http.services.tvheadend.loadbalancer.server.port=9981",
|
||||
]
|
||||
|
||||
|
|
Loading…
Reference in a new issue