init commit

traefik/etc/dynamic.yml

@@ -0,0 +1,56 @@
+tls:
+  options:
+    docs:
+      minVersion: VersionTLS13
+      cipherSuites:
+        - TLS_AES_256_GCM_SHA384
+        - TLS_AES_128_GCM_SHA256
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_FALLBACK_SCSV
+    dashboard:
+      minVersion: VersionTLS13
+      cipherSuites:
+        - TLS_AES_256_GCM_SHA384
+        - TLS_AES_128_GCM_SHA256
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_FALLBACK_SCSV
+      clientAuth:
+        caFiles:
+          - /etc/traefik/com.rskio.ca.crt
+        clientAuthType: RequireAndVerifyClientCert
+
+http:
+  routers:
+    traefik-dashboard:
+      rule: "Host(`oxy.rskio.com`)"
+      service: "api@internal"
+      entryPoints:
+        - "websecure"
+      middlewares:
+        - "redirect-dashboard"
+      tls:
+        options: dashboard@file
+        certResolver: rskio_certresolver
+  middlewares:
+    redirect-dashboard:
+      redirectRegex:
+        regex: "^https?://([^/]+)/?$"
+        replacement: "https://${1}/dashboard/"
+        permanent: true
+    secureHeaders:
+      headers:
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        frameDeny: true
+        referrerPolicy: "same-origin"
+        sslRedirect: true
+        stsSeconds: 31536000