deployments/traefik
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

enhanced security through HSTS headers' middleware

Browse Source
This commit is contained in:
Bryan Joshua Pedini
2022-08-16 15:53:27 +02:00
parent a1428f0d3b
commit 503f438bdf
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docker-compose.yml
View File

@@ -41,12 +41,16 @@ services:
# configure a global middleware for redirecting HTTP to HTTPS
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
# configure a global middleware to harden security through HSTS
- traefik.http.middlewares.hsts.headers.stsSeconds=${TRAEFIK_STS_SECONDS}
- traefik.http.middlewares.hsts.headers.stsIncludeSubdomains=${TRAEFIK_STS_SUBDOMAINS}
- traefik.http.middlewares.hsts.headers.stsPreload=${TRAEFIK_STS_PRELOAD}
### Section HTTP
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
# only some people can access the dashboard, hence protect it with it's whitelist
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
# redirect Træfik dashboard to HTTPS only
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https,hsts
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
### Section HTTPS