enhanced security through HSTS headers' middleware
This commit is contained in:
parent
a1428f0d3b
commit
503f438bdf
@ -41,12 +41,16 @@ services:
|
||||
# configure a global middleware for redirecting HTTP to HTTPS
|
||||
- traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
|
||||
- traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
|
||||
# configure a global middleware to harden security through HSTS
|
||||
- traefik.http.middlewares.hsts.headers.stsSeconds=${TRAEFIK_STS_SECONDS}
|
||||
- traefik.http.middlewares.hsts.headers.stsIncludeSubdomains=${TRAEFIK_STS_SUBDOMAINS}
|
||||
- traefik.http.middlewares.hsts.headers.stsPreload=${TRAEFIK_STS_PRELOAD}
|
||||
### Section HTTP
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
|
||||
# only some people can access the dashboard, hence protect it with it's whitelist
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
|
||||
# redirect Træfik dashboard to HTTPS only
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https,hsts
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
|
||||
- traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
|
||||
### Section HTTPS
|
||||
|
@ -8,7 +8,12 @@ TRAEFIK_NETWORK=traefik
|
||||
TRAEFIK_MATCHRULE=traefik.mydomain.com
|
||||
TRAEFIK_ROUTER=traefik_mydomain_com
|
||||
TRAEFIK_PILOT_TOKEN=
|
||||
|
||||
# Security
|
||||
TRAEFIK_TLSENABLED=true
|
||||
TRAEFIK_STS_SECONDS=15552000
|
||||
TRAEFIK_STS_SUBDOMAINS=true
|
||||
TRAEFIK_STS_PRELOAD=true
|
||||
|
||||
# Certificate provider
|
||||
TRAEFIK_DNSPROVIDER=hetzner
|
||||
|
Loading…
Reference in New Issue
Block a user