KeyArgo
/
seedbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor Traefik

This commit is contained in:
Jean Froment 2020-10-23 10:45:03 +02:00
parent 593d24f9e1
commit f6bda77e15
5 changed files with 31 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docker-compose.yml
View File

@ -1,4 +1,4 @@
version: '3' version: "3.7"
services: services:
traefik: traefik:
@ -15,12 +15,6 @@ services:
- configtraefik:/config - configtraefik:/config
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
# HTTP to HTTPS redirection
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
- "traefik.http.routers.http_catchall.entrypoints=insecure"
- "traefik.http.routers.http_catchall.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# Docker labels for enabling Traefik dashboard # Docker labels for enabling Traefik dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)" - "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=secure" - "traefik.http.routers.traefik.entrypoints=secure"

13
traefik/custom/middlewares.yaml Normal file
View File

@ -0,0 +1,13 @@
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"
security-headers:
headers:
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 31536000

5
traefik/custom/tls.yaml Normal file
View File

@ -0,0 +1,5 @@
tls:
options:
default:
minVersion: VersionTLS12
sniStrict: true

5
traefik/file-provider.yml
View File

@ -1,5 +0,0 @@
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/etc/traefik/http_auth"

13
traefik/traefik.yml → traefik/traefik.yaml
View File

@ -7,13 +7,24 @@ providers:
network: "traefik-network" network: "traefik-network"
exposedByDefault: false # Only expose explicitly enabled containers exposedByDefault: false # Only expose explicitly enabled containers
file: file:
filename: /etc/traefik/file-provider.yml directory: /etc/traefik/custom
watch: true
entryPoints: entryPoints:
insecure: insecure:
address: ":80" address: ":80"
http:
redirections:
entryPoint:
to: secure
scheme: https
secure: secure:
address: ":443" address: ":443"
http:
tls:
certResolver: le
middlewares:
- security-headers@file
certificatesResolvers: certificatesResolvers:
le: le: