enhanced security through HSTS headers' middleware

This commit is contained in:
Bryan Joshua Pedini 2022-08-16 15:53:27 +02:00
parent a1428f0d3b
commit 503f438bdf
2 changed files with 10 additions and 1 deletions

View File

@ -41,12 +41,16 @@ services:
# configure a global middleware for redirecting HTTP to HTTPS
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
# configure a global middleware to harden security through HSTS
- traefik.http.middlewares.hsts.headers.stsSeconds=${TRAEFIK_STS_SECONDS}
- traefik.http.middlewares.hsts.headers.stsIncludeSubdomains=${TRAEFIK_STS_SUBDOMAINS}
- traefik.http.middlewares.hsts.headers.stsPreload=${TRAEFIK_STS_PRELOAD}
### Section HTTP
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
# only some people can access the dashboard, hence protect it with it's whitelist
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
# redirect Træfik dashboard to HTTPS only
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https,hsts
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
- traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
### Section HTTPS

View File

@ -8,7 +8,12 @@ TRAEFIK_NETWORK=traefik
TRAEFIK_MATCHRULE=traefik.mydomain.com
TRAEFIK_ROUTER=traefik_mydomain_com
TRAEFIK_PILOT_TOKEN=
# Security
TRAEFIK_TLSENABLED=true
TRAEFIK_STS_SECONDS=15552000
TRAEFIK_STS_SUBDOMAINS=true
TRAEFIK_STS_PRELOAD=true
# Certificate provider
TRAEFIK_DNSPROVIDER=hetzner