KeyArgo
/
seedbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'traefik-refactoring'

This commit is contained in:
Jean Froment 2020-10-23 10:55:36 +02:00
parent 593d24f9e1 c5777060e0
commit 7923d786f2
5 changed files with 33 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docker-compose.yml
View File

@ -1,4 +1,4 @@
version: '3'
version: "3.7"
services:
traefik:
@ -11,16 +11,10 @@ services:
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik:/etc/traefik
- configtraefik:/config
- ./traefik:/etc/traefik:ro
- configtraefik:/config:ro
labels:
- "traefik.enable=true"
# HTTP to HTTPS redirection
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
- "traefik.http.routers.http_catchall.entrypoints=insecure"
- "traefik.http.routers.http_catchall.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# Docker labels for enabling Traefik dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=secure"

13
traefik/custom/middlewares.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"
security-headers:
headers:
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 31536000

5
traefik/custom/tls.yaml Normal file
View File

@ -0,0 +1,5 @@
tls:
options:
default:
minVersion: VersionTLS12
sniStrict: true

5
traefik/file-provider.yml
View File

@ -1,5 +0,0 @@
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"

13
traefik/traefik.yml → traefik/traefik.yaml
View File

@ -7,13 +7,24 @@ providers:
network: "traefik-network"
exposedByDefault: false # Only expose explicitly enabled containers
file:
filename: /etc/traefik/file-provider.yml
directory: /etc/traefik/custom
watch: true
entryPoints:
insecure:
address: ":80"
http:
redirections:
entryPoint:
to: secure
scheme: https
secure:
address: ":443"
http:
tls:
certResolver: le
middlewares:
- security-headers@file
certificatesResolvers:
le: