@jakubhajek
Last active October 9, 2020 18:20
The configuration of Traefik v2 that can be defined dynamically
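# Redirects every plain-HTTP request to HTTPS with a permanent redirect.
[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
permanent = true

# Response headers applied to every router that lists "security-headers".
[http.middlewares.security-headers.headers]
# CORS
AccessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
# NOTE(review): "origin-list-or-null" is not a list of trusted origins. In the
# Traefik v2 releases that accept this value it appears to echo the request's
# Origin header back, which allows every origin. Confirm against the deployed
# version and prefer an explicit allow-list of the origins that need access.
AccessControlAllowOrigin = "origin-list-or-null"
AccessControlMaxAge = 100
# Vary: Origin stops a shared cache from replaying a response that carries one
# origin's Access-Control-Allow-Origin value to a different origin.
AddVaryHeader = true
BrowserXssFilter = true
ContentTypeNosniff = true
# Sends the HSTS header even when the connection reaching Traefik is not TLS.
ForceSTSHeader = true
# X-Frame-Options: CustomFrameOptionsValue overrides FrameDeny, so with both
# set the header sent is SAMEORIGIN and FrameDeny only misleads the reader.
# If no framing is needed at all, drop the custom value and enable FrameDeny.
#FrameDeny = true
CustomFrameOptionsValue = "SAMEORIGIN"
# Overlaps with the https-redirect middleware above.
SSLRedirect = true
# HSTS for ten years, for all subdomains, flagged for browser preload lists.
# Preloading is hard to undo: every subdomain must serve valid HTTPS for as
# long as browsers keep the entry.
STSSeconds = 315_360_000
STSIncludeSubdomains = true
STSPreload = true
# 'unsafe-inline' under default-src permits inline scripts and styles, which
# removes most of the XSS protection a CSP gives. Move inline code to files,
# or use nonces or hashes, and then drop it.
ContentSecurityPolicy = "default-src 'self' 'unsafe-inline'"
ReferrerPolicy = "same-origin"
FeaturePolicy = "vibrate 'self'"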
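# Routers attach to the http table through their dotted headers. A bare [http]
# header is not repeated here: TOML rejects a table that is declared twice.

# Catch-all on the plain-HTTP entry point. The https-redirect middleware
# answers every request, so the "noop" service is only a required placeholder.
[http.routers.redirecttohttps]
entryPoints = ["web"]
middlewares = ["https-redirect"]
rule = "HostRegexp(`{host:.+}`)"
service = "noop"

# NOTE(review): a router that has a tls table only matches TLS requests. The
# "web" entry point and the https-redirect middleware on router0..router2
# therefore look inert; plain HTTP is handled by redirecttohttps above.
[http.routers.router0]
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b1"
rule = "Host(`sm.aele8noh.4static.pl`)"

# With certResolver commented out, the certificate for this host has to come
# from configuration outside this file. tls.options.default sets sniStrict, so
# a handshake for a host without a matching certificate is refused rather than
# served with a default certificate -- confirm one is provisioned.
[http.routers.router0.tls]
#certResolver = "le"
options = "default"

[http.routers.router1]
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b1"
rule = "Host(`bo.ongu0cha.4static.pl`)"

[http.routers.router1.tls]
#certResolver = "le"
options = "default"

[http.routers.router2]
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b0"
rule = "Host(`sh.ui0weis3.4static.pl`)"

[http.routers.router2.tls]
#certResolver = "le"
options = "default"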
# Backends are reached over plain http://, so TLS ends at Traefik and traffic
# on the proxy-to-backend hop is unencrypted and unauthenticated. That is only
# acceptable on a network segment that is trusted end to end.

# passHostHeader forwards the client's Host header to the backend unchanged;
# the backend should not treat it as trusted input.
[http.services.b0.loadBalancer]
passHostHeader = true
servers = [{ url = "http://node3vm.ids/" }]

[http.services.b1.loadBalancer]
passHostHeader = true
servers = [{ url = "http://172.16.0.52/" }]

# Placeholder target for the redirecttohttps router, which needs a service
# even though its middleware redirects before any request is forwarded.
[http.services.noop.loadBalancer]
servers = [{ url = "http://localhost" }]
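# TLS options referenced by the routers as options = "default".
[tls.options.default]
# https://community.containo.us/t/improving-the-ssl-rating/939/3
# Set explicitly so the protocol floor does not depend on the cipher list or
# on the defaults of the Traefik build in use.
minVersion = "VersionTLS12"
# Refuse handshakes whose SNI is missing or matches no configured certificate
# instead of answering with the default certificate.
sniStrict = true
# TLS 1.2: ECDHE key exchange with AEAD ciphers only. The two
# ECDHE_*_WITH_AES_128_CBC_SHA256 suites are left out because Go's crypto/tls
# classes them as insecure. TLS_FALLBACK_SCSV is left out because it is a
# signalling value sent by clients (RFC 7507), not a negotiable suite.
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", # TLS 1.2
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", # TLS 1.2
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    # TLS 1.3 suites. Go's crypto/tls does not make these configurable, so the
    # three entries record intent rather than restrict anything.
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]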