foodotfiles/docker/traefik/dynamic.toml
Marko Korhonen 3d5d910520
Add mastodon
2022-12-18 00:21:21 +02:00

84 lines
2.1 KiB
TOML

[http.middlewares.authentik.forwardAuth]
address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader = true
authResponseHeaders = [
"X-authentik-username",
"X-authentik-groups",
"X-authentik-email",
"X-authentik-name",
"X-authentik-uid",
"X-authentik-jwt",
"X-authentik-meta-jwks",
"X-authentik-meta-outpost",
"X-authentik-meta-provider",
"X-authentik-meta-app",
"X-authentik-meta-version",
]
[http.middlewares.compress.compress]
[http.middlewares.http2https.redirectScheme]
scheme = "https"
permanent = true
[http.middlewares.secHeaders.headers]
browserXssFilter = true
contentTypeNosniff = true
frameDeny = true
sslRedirect = true
stsIncludeSubdomains = true
stsPreload = true
stsSeconds = 31_536_000
customFrameOptionsValue = "SAMEORIGIN"
referrerPolicy = "strict-origin-when-cross-origin"
accesscontrolAllowMethods = ["GET", "OPTIONS", "POST"]
accesscontrolAllowOriginList = ["https://korhonen.cc"]
accessControlAllowHeaders = [
"Accept",
"Accept-Encoding",
"Accept-Language",
"Access-Control-Request-Headers",
"Access-Control-Request-Method",
"Connection",
"Content-Type",
"DNT",
"Host",
"Origin",
"Referer",
"Sec-Fetch-Dest",
"Sec-Fetch-Mode",
"Sec-Fetch-Site",
"User-Agent",
]
accesscontrolMaxAge = 100
addVaryHeader = true
[http.middlewares.nextcloud-redirect-dav.redirectRegex]
permanent = true
regex = "https://(.*)/.well-known/(card|cal)dav"
replacement = "https://${1}/remote.php/dav/"
[http.middlewares.nextcloud-redirect-extra.redirectRegex]
permanent = true
regex = "https://(.*)/.well-known/(webfinger|nodeinfo)"
replacement = "https://${1}/index.php/.well-known/${2}"
[http.middlewares.www2non-www.redirectregex]
permanent = true
regex = "^https?://www\\.(.+)"
replacement = "https://${1}"
[http.serversTransports.ignorecert]
insecureSkipVerify = true
[tls.options.default]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
]
[tls.options.mintls13]
minVersion = "VersionTLS13"