From deb1b7ccb56216d5c4caf05132b007e2e8df9898 Mon Sep 17 00:00:00 2001
From: Bryan Joshua Pedini <b.pedini@bjphoster.com>
Date: Tue, 16 Aug 2022 16:06:40 +0200
Subject: [PATCH] moved hsts middleware from section HTTP to section HTTPS

---
 docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 489862b..4e5d339 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,13 +50,13 @@ services:
       # only some people can access the dashboard, hence protect it with it's whitelist
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
       # redirect Træfik dashboard to HTTPS only
-      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https,hsts
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
       ### Section HTTPS
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
-      # only some people can access the dashboard, hence protect it with it's whitelist
-      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
+      # only some people can access the dashboard, hence protect it with it's whitelist (and add HSTS for security)
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts,dashboard-whitelist
       # configure Træfik dashboard to be the exposed service
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal