58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
http:
|
|
middlewares:
|
|
metrics-ipwhitelist:
|
|
ipWhiteList:
|
|
sourceRange:
|
|
- "127.0.0.1/32"
|
|
- "192.168.0.0/16"
|
|
- "172.16.0.0/16"
|
|
- "10.254.1.0/16"
|
|
vpn-ipwhitelist:
|
|
ipWhiteList:
|
|
sourceRange:
|
|
- "10.1.0.0/24" # vpn
|
|
- "10.2.0.0/24" # vpn
|
|
- "127.0.0.1/32" # or local nets used by deployments
|
|
- "192.168.0.0/16"
|
|
- "172.16.0.0/16"
|
|
- "10.254.1.0/16"
|
|
auth-headers:
|
|
headers:
|
|
sslRedirect: true
|
|
stsSeconds: 315360000
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
sslHost: tobiasmanske.de
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
frameDeny: true
|
|
oauth-auth:
|
|
forwardAuth:
|
|
address: https://traefik-fa.tobiasmanske.de/oauth2/auth
|
|
trustForwardHeader: true
|
|
oauth-errors:
|
|
errors:
|
|
status:
|
|
- "401-403"
|
|
service: oauth@docker
|
|
query: "/oauth2/sign_in"
|
|
oauth:
|
|
chain:
|
|
middlewares:
|
|
- oauth-errors
|
|
- oauth-auth
|
|
deny-metrics:
|
|
replacePathRegex:
|
|
regex: "^/metrics$"
|
|
replacement: "/"
|
|
hsts:
|
|
headers:
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
forceSTSHeader: true
|
|
sslRedirect: true
|
|
stsPreload: true
|
|
stsSeconds: 315360000
|
|
stsIncludeSubdomains: true
|