The configuration of Traefik v2 that can be defined dynamically
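# Middlewares for the Traefik v2 dynamic configuration: an HTTP->HTTPS
# redirect and a shared response-header policy. Routers attach them by name.

[http.middlewares.https-redirect.redirectscheme]
scheme = "https"
# Permanent redirects are cached by browsers, so this is hard to roll back.
permanent = true

[http.middlewares.security-headers.headers]
# CORS
AccessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
# NOTE(review): in Traefik 2.0/2.1 "origin-list-or-null" appears to echo the
# request's Origin header back (or "null" when there is none), which allows
# every origin. Confirm against the deployed version; newer releases take an
# explicit list through AccessControlAllowOriginList.
AccessControlAllowOrigin = "origin-list-or-null"
AccessControlMaxAge = 100  # seconds a preflight result may be cached
# Access-Control-Allow-Origin depends on the request's Origin, so shared caches
# need "Vary: Origin" to avoid replaying one origin's response to another.
AddVaryHeader = true

BrowserXssFilter = true
ContentTypeNosniff = true
# The https-redirect middleware above already performs the redirect;
# SSLRedirect duplicates it at the header-middleware level.
SSLRedirect = true

# HSTS: a 10-year max-age with includeSubDomains and preload. Every subdomain
# must serve valid HTTPS for that period, and preload-list removal is slow.
ForceSTSHeader = true
STSIncludeSubdomains = true
STSPreload = true
STSSeconds = 315360000  # seconds (10 x 365 days)

# X-Frame-Options: CustomFrameOptionsValue overrides FrameDeny, so the header
# sent was already SAMEORIGIN. FrameDeny is commented out to remove the
# contradiction; restore it and drop the custom value if DENY was intended.
#FrameDeny = true
CustomFrameOptionsValue = "SAMEORIGIN"

# 'unsafe-inline' under default-src permits inline scripts and styles, which
# removes most of the XSS protection CSP offers. Tighten it once the served
# pages no longer rely on inline code.
ContentSecurityPolicy = "default-src 'self' 'unsafe-inline'"
ReferrerPolicy = "same-origin"
FeaturePolicy = "vibrate 'self'"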
# Routers and backend services for the Traefik v2 dynamic configuration.

# Catch-all on the plain-HTTP entry point: every host is sent through the
# https-redirect middleware. The "noop" service is never meant to be reached;
# it exists because a router needs a service.
[http.routers.redirecttohttps]
rule = "HostRegexp(`{host:.+}`)"
entryPoints = ["web"]
middlewares = ["https-redirect"]
service = "noop"

# NOTE(review): the three routers below carry a tls table, so they presumably
# match only TLS requests; listing "web" and "https-redirect" on them looks
# redundant with the catch-all above. Confirm before trimming.
[http.routers.router0]
rule = "Host(`sm.aele8noh.4static.pl`)"
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b1"

[http.routers.router0.tls]
# With no certResolver set, the certificate has to be supplied some other way.
#certResolver = "le"
options = "default"

[http.routers.router1]
rule = "Host(`bo.ongu0cha.4static.pl`)"
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b1"

[http.routers.router1.tls]
#certResolver = "le"
options = "default"

[http.routers.router2]
rule = "Host(`sh.ui0weis3.4static.pl`)"
entryPoints = ["websecure", "web"]
middlewares = ["https-redirect", "security-headers"]
service = "b0"

[http.routers.router2.tls]
#certResolver = "le"
options = "default"

# Backends are reached over plain HTTP, so traffic between Traefik and the
# servers is unencrypted; this is only appropriate on a trusted network.
# passHostHeader forwards the client's Host header to the backend unchanged.
[http.services.b0.loadBalancer]
passHostHeader = true

[[http.services.b0.loadBalancer.servers]]
url = "http://node3vm.ids/"

[http.services.b1.loadBalancer]
passHostHeader = true

[[http.services.b1.loadBalancer.servers]]
url = "http://172.16.0.52/"

[[http.services.noop.loadBalancer.servers]]
url = "http://localhost"
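# TLS options referenced by the routers as options = "default".
[tls.options.default]
# https://community.containo.us/t/improving-the-ssl-rating/939/3
# Set the protocol floor explicitly. Every TLS 1.0-1.2 suite listed below is a
# TLS 1.2 suite, so leaving minVersion unset only let older protocol versions
# be offered without any suite to negotiate.
minVersion = "VersionTLS12"
# Refuse handshakes whose SNI matches no configured certificate instead of
# falling back to the default certificate.
sniStrict = true
# AEAD suites only. Removed from the original list:
#   - TLS_ECDHE_{ECDSA,RSA}_WITH_AES_128_CBC_SHA256: CBC-mode suites, which
#     Go's crypto/tls classes as insecure, and they were listed first.
#   - TLS_FALLBACK_SCSV: a signalling value sent by clients, not a suite a
#     server can negotiate.
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # TLS 1.2
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # TLS 1.2
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    # TLS 1.3 suites. NOTE(review): Go's TLS stack does not make the TLS 1.3
    # suite set configurable, so these entries are presumably informational.
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]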