49 lines
1.4 KiB
TOML
49 lines
1.4 KiB
TOML
[tls]
|
|
[tls.options]
|
|
[tls.options.minTLS12]
|
|
minVersion = "VersionTLS12"
|
|
preferServerCipherSuites = true
|
|
sniStrict = true
|
|
cipherSuites = [
|
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
|
"TLS_AES_128_GCM_SHA256",
|
|
"TLS_AES_256_GCM_SHA384",
|
|
"TLS_CHACHA20_POLY1305_SHA256"
|
|
]
|
|
curvePreferences = [
|
|
"CurveP521",
|
|
"CurveP384"
|
|
]
|
|
|
|
[http]
|
|
[http.middlewares]
|
|
[http.middlewares.secHeaders]
|
|
[http.middlewares.secHeaders.headers]
|
|
browserXssFilter= true
|
|
contentTypeNosniff= true
|
|
sslRedirect= true
|
|
#HSTS Configuration
|
|
|
|
#Set this to false if you want to exclude subdomains from HSTS
|
|
stsIncludeSubdomains=true
|
|
|
|
#Set this to true if you want to add your domain to the hstspreload list.
|
|
#This operation is very difficult and time consuming if not impossible to revert.
|
|
#Make sure you read the explanation and do your research properly.
|
|
stsPreload= false
|
|
|
|
stsSeconds= 15768000
|
|
# Dynamic Configuration
|
|
[http.routers.my-api]
|
|
rule = "Host(`traefik.herrmann.es`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
|
service = "api@internal"
|
|
middlewares = ["auth"]
|
|
|
|
[http.middlewares.auth.basicAuth]
|
|
users = [
|
|
"dashboard:$apr1$15pgxrml$JcVZtleLvl2FfXa9fZjdB.",
|
|
]
|
|
|