infrastructure/ansible/plays/services/traefik/dynamic.yaml

58 lines
1.4 KiB
YAML

http:
middlewares:
metrics-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.0.0/16"
- "172.16.0.0/16"
- "10.254.1.0/16"
vpn-ipwhitelist:
ipWhiteList:
sourceRange:
- "10.1.0.0/24" # vpn
- "10.2.0.0/24" # vpn
- "127.0.0.1/32" # or local nets used by deployments
- "192.168.0.0/16"
- "172.16.0.0/16"
- "10.254.1.0/16"
auth-headers:
headers:
sslRedirect: true
stsSeconds: 315360000
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
sslHost: tobiasmanske.de
stsIncludeSubdomains: true
stsPreload: true
frameDeny: true
oauth-auth:
forwardAuth:
address: https://traefik-fa.tobiasmanske.de/oauth2/auth
trustForwardHeader: true
oauth-errors:
errors:
status:
- "401-403"
service: oauth@docker
query: "/oauth2/sign_in"
oauth:
chain:
middlewares:
- oauth-errors
- oauth-auth
deny-metrics:
replacePathRegex:
regex: "^/metrics$"
replacement: "/"
hsts:
headers:
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
sslRedirect: true
stsPreload: true
stsSeconds: 315360000
stsIncludeSubdomains: true