[http.middlewares.authentik.forwardAuth] address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik" trustForwardHeader = true authResponseHeaders = [ "X-authentik-username", "X-authentik-groups", "X-authentik-email", "X-authentik-name", "X-authentik-uid", "X-authentik-jwt", "X-authentik-meta-jwks", "X-authentik-meta-outpost", "X-authentik-meta-provider", "X-authentik-meta-app", "X-authentik-meta-version", ] [http.middlewares.compress.compress] [http.middlewares.http2https.redirectScheme] scheme = "https" permanent = true [http.middlewares.secHeaders.headers] browserXssFilter = true contentTypeNosniff = true frameDeny = true sslRedirect = true stsIncludeSubdomains = true stsPreload = true stsSeconds = 31_536_000 customFrameOptionsValue = "SAMEORIGIN" referrerPolicy = "strict-origin-when-cross-origin" accesscontrolAllowMethods = ["GET", "OPTIONS", "POST"] accesscontrolAllowOriginList = ["https://korhonen.cc"] accessControlAllowHeaders = [ "Accept", "Accept-Encoding", "Accept-Language", "Access-Control-Request-Headers", "Access-Control-Request-Method", "Connection", "Content-Type", "DNT", "Host", "Origin", "Referer", "Sec-Fetch-Dest", "Sec-Fetch-Mode", "Sec-Fetch-Site", "User-Agent", ] accesscontrolMaxAge = 100 addVaryHeader = true [http.middlewares.nextcloud-redirect-dav.redirectRegex] permanent = true regex = "https://(.*)/.well-known/(card|cal)dav" replacement = "https://${1}/remote.php/dav/" [http.middlewares.nextcloud-redirect-extra.redirectRegex] permanent = true regex = "https://(.*)/.well-known/(webfinger|nodeinfo)" replacement = "https://${1}/index.php/.well-known/${2}" [http.middlewares.www2non-www.redirectregex] permanent = true regex = "^https?://www\\.(.+)" replacement = "https://${1}" [http.serversTransports.ignorecert] insecureSkipVerify = true [tls.options.default] minVersion = "VersionTLS12" cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", ] [tls.options.mintls13] minVersion = "VersionTLS13"