Merge branch 'traefik-refactoring'
This commit is contained in:
Jean Froment
commit
7923d786f2
|
|
@ -1,4 +1,4 @@
|
||||||
version: '3'
|
version: "3.7"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
|
|
@ -11,16 +11,10 @@ services:
|
||||||
- "443:443"
|
- "443:443"
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ./traefik:/etc/traefik
|
- ./traefik:/etc/traefik:ro
|
||||||
- configtraefik:/config
|
- configtraefik:/config:ro
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
# HTTP to HTTPS redirection
|
|
||||||
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
|
|
||||||
- "traefik.http.routers.http_catchall.entrypoints=insecure"
|
|
||||||
- "traefik.http.routers.http_catchall.middlewares=https_redirect"
|
|
||||||
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
|
|
||||||
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
|
|
||||||
# Docker labels for enabling Traefik dashboard
|
# Docker labels for enabling Traefik dashboard
|
||||||
- "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
|
- "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
|
||||||
- "traefik.http.routers.traefik.entrypoints=secure"
|
- "traefik.http.routers.traefik.entrypoints=secure"
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
common-auth:
|
||||||
|
basicAuth:
|
||||||
|
usersFile: "/etc/traefik/http_auth"
|
||||||
|
security-headers:
|
||||||
|
headers:
|
||||||
|
frameDeny: true
|
||||||
|
contentTypeNosniff: true
|
||||||
|
browserXssFilter: true
|
||||||
|
forceSTSHeader: true
|
||||||
|
stsIncludeSubdomains: true
|
||||||
|
stsSeconds: 31536000
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
tls:
|
||||||
|
options:
|
||||||
|
default:
|
||||||
|
minVersion: VersionTLS12
|
||||||
|
sniStrict: true
|
||||||
|
|
@ -1,5 +0,0 @@
|
||||||
http:
|
|
||||||
middlewares:
|
|
||||||
common-auth:
|
|
||||||
basicAuth:
|
|
||||||
usersFile: "/etc/traefik/http_auth"
|
|
||||||
|
|
@ -7,13 +7,24 @@ providers:
|
||||||
network: "traefik-network"
|
network: "traefik-network"
|
||||||
exposedByDefault: false # Only expose explicitly enabled containers
|
exposedByDefault: false # Only expose explicitly enabled containers
|
||||||
file:
|
file:
|
||||||
filename: /etc/traefik/file-provider.yml
|
directory: /etc/traefik/custom
|
||||||
|
watch: true
|
||||||
|
|
||||||
entryPoints:
|
entryPoints:
|
||||||
insecure:
|
insecure:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
|
http:
|
||||||
|
redirections:
|
||||||
|
entryPoint:
|
||||||
|
to: secure
|
||||||
|
scheme: https
|
||||||
secure:
|
secure:
|
||||||
address: ":443"
|
address: ":443"
|
||||||
|
http:
|
||||||
|
tls:
|
||||||
|
certResolver: le
|
||||||
|
middlewares:
|
||||||
|
- security-headers@file
|
||||||
|
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
le:
|
le:
|
||||||
Loading…
Reference in New Issue