57 lines
1.6 KiB
YAML
57 lines
1.6 KiB
YAML
tls:
|
|
options:
|
|
docs:
|
|
minVersion: VersionTLS13
|
|
cipherSuites:
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_FALLBACK_SCSV
|
|
dashboard:
|
|
minVersion: VersionTLS13
|
|
cipherSuites:
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_FALLBACK_SCSV
|
|
clientAuth:
|
|
caFiles:
|
|
- /etc/traefik/com.rskio.ca.crt
|
|
clientAuthType: RequireAndVerifyClientCert
|
|
|
|
http:
|
|
routers:
|
|
traefik-dashboard:
|
|
rule: "Host(`oxy.rskio.com`)"
|
|
service: "api@internal"
|
|
entryPoints:
|
|
- "websecure"
|
|
middlewares:
|
|
- "redirect-dashboard"
|
|
tls:
|
|
options: dashboard@file
|
|
certResolver: rskio_certresolver
|
|
middlewares:
|
|
redirect-dashboard:
|
|
redirectRegex:
|
|
regex: "^https?://([^/]+)/?$"
|
|
replacement: "https://${1}/dashboard/"
|
|
permanent: true
|
|
secureHeaders:
|
|
headers:
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
frameDeny: true
|
|
referrerPolicy: "same-origin"
|
|
sslRedirect: true
|
|
stsSeconds: 31536000
|