50 lines
1.1 KiB
YAML
50 lines
1.1 KiB
YAML
# traefik.yaml
|
|
providers:
|
|
docker:
|
|
exposedByDefault: false
|
|
file:
|
|
directory: /etc/traefik/
|
|
|
|
entryPoints:
|
|
websecure:
|
|
address: ":443"
|
|
|
|
certificatesResolvers:
|
|
myresolver:
|
|
acme:
|
|
email: "admin@example.ch"
|
|
storage: "/letsencrypt/acme.json"
|
|
tlsChallenge: true
|
|
# caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
|
|
tls:
|
|
options:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
sniStrict: true
|
|
cipherSuites:
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
curvePreferences:
|
|
- secp521r1
|
|
- secp384r1
|
|
|
|
mintls13:
|
|
minVersion: VersionTLS13
|
|
|
|
http:
|
|
middlewares:
|
|
default-headers:
|
|
headers:
|
|
frameDeny: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 63072000
|