forked from trajano/trajano-swarm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtraefik.toml
56 lines (45 loc) · 1.46 KB
/
traefik.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256"
]
sniStrict = true
[tls.options.intranet]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256"
]
sniStrict = true
[tls.options.intranet.clientAuth]
caFiles = ["/ca.pem"]
clientAuthType = "RequireAndVerifyClientCert"
[http.middlewares]
[http.middlewares.compress-all.compress]
[http.middlewares.security-headers.headers]
BrowserXssFilter = true
ContentTypeNosniff = true
ForceSTSHeader = true
FrameDeny = true
SSLRedirect = true
STSIncludeSubdomains = true
STSPreload = true
STSSeconds = 315360000
[http.middlewares.strip-prefix.chain]
middlewares = [ "strip-prefix-1", "strip-prefix-2"]
[http.middlewares.strip-prefix-1.redirectregex]
regex="^(https?://[^/]+/[a-z0-9_]+)$"
replacement="${1}/"
permanent = true
[http.middlewares.strip-prefix-2.stripprefixregex]
regex = [ "/[a-z0-9_]+" ]