You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
81 lines
2.0 KiB
TOML
81 lines
2.0 KiB
TOML
2 years ago
|
[http.middlewares.authentik.forwardAuth]
|
||
|
address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
|
||
|
trustForwardHeader = true
|
||
|
authResponseHeaders = [
|
||
|
"X-authentik-username",
|
||
|
"X-authentik-groups",
|
||
|
"X-authentik-email",
|
||
|
"X-authentik-name",
|
||
|
"X-authentik-uid",
|
||
|
"X-authentik-jwt",
|
||
|
"X-authentik-meta-jwks",
|
||
|
"X-authentik-meta-outpost",
|
||
|
"X-authentik-meta-provider",
|
||
|
"X-authentik-meta-app",
|
||
|
"X-authentik-meta-version",
|
||
|
]
|
||
|
|
||
|
[http.middlewares.compress.compress]
|
||
|
|
||
|
[http.middlewares.http2https.redirectScheme]
|
||
|
scheme = "https"
|
||
|
permanent = true
|
||
|
|
||
|
[http.middlewares.secHeaders.headers]
|
||
|
browserXssFilter = true
|
||
|
contentTypeNosniff = true
|
||
|
frameDeny = true
|
||
|
sslRedirect = true
|
||
|
stsIncludeSubdomains = true
|
||
|
stsPreload = true
|
||
|
stsSeconds = 31_536_000
|
||
|
customFrameOptionsValue = "SAMEORIGIN"
|
||
|
referrerPolicy = "strict-origin-when-cross-origin"
|
||
|
accesscontrolAllowMethods = ["GET", "OPTIONS", "POST"]
|
||
|
accesscontrolAllowOriginList = ["https://korhonen.cc"]
|
||
|
accessControlAllowHeaders = [
|
||
|
"Accept",
|
||
|
"Accept-Encoding",
|
||
|
"Accept-Language",
|
||
|
"Access-Control-Request-Headers",
|
||
|
"Access-Control-Request-Method",
|
||
|
"Connection",
|
||
|
"Content-Type",
|
||
|
"DNT",
|
||
|
"Host",
|
||
|
"Origin",
|
||
|
"Referer",
|
||
|
"Sec-Fetch-Dest",
|
||
|
"Sec-Fetch-Mode",
|
||
|
"Sec-Fetch-Site",
|
||
|
"User-Agent",
|
||
|
]
|
||
|
accesscontrolMaxAge = 100
|
||
|
addVaryHeader = true
|
||
|
|
||
|
[http.middlewares.nextcloud-redirect-dav.redirectRegex]
|
||
|
permanent = true
|
||
|
regex = "https://(.*)/.well-known/(card|cal)dav"
|
||
|
replacement = "https://${1}/remote.php/dav/"
|
||
|
|
||
|
[http.middlewares.nextcloud-redirect-extra.redirectRegex]
|
||
|
permanent = true
|
||
|
regex = "https://(.*)/.well-known/(webfinger|nodeinfo)"
|
||
|
replacement = "https://${1}/index.php/.well-known/${2}"
|
||
|
|
||
|
[http.middlewares.www2non-www.redirectregex]
|
||
|
permanent = true
|
||
|
regex = "^https?://www\\.(.+)"
|
||
|
replacement = "https://${1}"
|
||
|
|
||
|
[tls.options.default]
|
||
|
minVersion = "VersionTLS12"
|
||
|
cipherSuites = [
|
||
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||
|
]
|
||
|
|
||
|
[tls.options.mintls13]
|
||
|
minVersion = "VersionTLS13"
|