# Forward-auth middleware: before a request reaches its backend, Traefik asks
# the authentik outpost at `address` whether it may proceed.
[http.middlewares.authentik.forwardAuth]
# Plain HTTP to the outpost. NOTE(review): presumably this hop stays on a
# private container network; confirm the outpost port is not exposed.
address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
# Hands the incoming X-Forwarded-* headers to the outpost as received.
# NOTE(review): that is only sound when the entry point already discards or
# rewrites those headers for untrusted clients (forwardedHeaders.trustedIPs
# on the entry point); confirm against the static configuration.
trustForwardHeader = true
# Identity headers copied from the outpost's response onto the request that is
# sent to the backend. A backend that authorises on these headers must only be
# reachable through a router with this middleware attached; on any other path
# a client can supply the same header names itself.
authResponseHeaders = [
    "X-authentik-username",
    "X-authentik-groups",
    "X-authentik-email",
    "X-authentik-name",
    "X-authentik-uid",
    "X-authentik-jwt",
    "X-authentik-meta-jwks",
    "X-authentik-meta-outpost",
    "X-authentik-meta-provider",
    "X-authentik-meta-app",
    "X-authentik-meta-version",
]

# Response compression with the middleware's defaults (no keys are set).
# NOTE(review): compressing TLS responses that carry a secret next to
# request-reflected content is the precondition for BREACH-style length side
# channels; confirm which routers attach this middleware.
[http.middlewares.compress.compress]

# Redirects a request to the same URL under the https scheme.
[http.middlewares.http2https.redirectScheme]
# Permanent redirect: clients and intermediaries may cache it, so it is slow
# to undo once served.
permanent = true
scheme = "https"

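# Response security headers plus the CORS policy, applied by one middleware.
[http.middlewares.secHeaders.headers]
# Emits the legacy X-XSS-Protection header. NOTE(review): current browsers
# have dropped the XSS auditor this header controlled; no
# Content-Security-Policy is set in this table, and that is the header that
# would actually constrain script execution.
browserXssFilter = true
contentTypeNosniff = true
# customFrameOptionsValue takes precedence over frameDeny, so the header sent
# is "X-Frame-Options: SAMEORIGIN", not DENY. frameDeny only takes effect if
# the custom value is removed.
frameDeny = true
customFrameOptionsValue = "SAMEORIGIN"
# NOTE(review): the ssl* options of the headers middleware are deprecated in
# Traefik v2 and no longer exist in v3; the http2https redirectScheme
# middleware in this file does the same job. Confirm the running version
# before relying on this key.
sslRedirect = true
# HSTS for one year, covering every subdomain and flagged for browser preload
# lists. Any subdomain that cannot serve HTTPS becomes unreachable for
# returning browsers, and preload-list entries take a long time to withdraw.
stsIncludeSubdomains = true
stsPreload = true
stsSeconds = 31_536_000  # seconds (365 days)
referrerPolicy = "strict-origin-when-cross-origin"
# CORS. Key names below use the documented camelCase spelling throughout
# (three of them were written "accesscontrol..." before).
accessControlAllowMethods = ["GET", "OPTIONS", "POST"]
# Only this origin may read responses cross-origin.
accessControlAllowOriginList = ["https://korhonen.cc"]
accessControlAllowHeaders = [
    "Accept",
    "Accept-Encoding",
    "Accept-Language",
    "Access-Control-Request-Headers",
    "Access-Control-Request-Method",
    "Connection",
    "Content-Type",
    "DNT",
    "Host",
    "Origin",
    "Referer",
    "Sec-Fetch-Dest",
    "Sec-Fetch-Mode",
    "Sec-Fetch-Site",
    "User-Agent",
]
accessControlMaxAge = 100  # seconds a preflight result may be cached
# Adds "Vary: Origin" so shared caches do not serve one origin's CORS response
# to another.
addVaryHeader = true
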
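# CalDAV/CardDAV discovery: /.well-known/caldav and /.well-known/carddav are
# redirected to /remote.php/dav/ on the same host.
[http.middlewares.nextcloud-redirect-dav.redirectRegex]
permanent = true
# Anchored at the start of the URL, with the host capture limited to the
# authority part ([^/]+) and the dot in ".well-known" escaped. The earlier
# unanchored "(.*)" with a bare "." also matched when the well-known segment
# appeared deeper in the path or query and swallowed everything before it into
# the redirect target.
regex = '^https://([^/]+)/\.well-known/(card|cal)dav'
replacement = "https://${1}/remote.php/dav/"
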
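# WebFinger/NodeInfo discovery: /.well-known/webfinger and /.well-known/nodeinfo
# are redirected to the same name under /index.php/.well-known/.
[http.middlewares.nextcloud-redirect-extra.redirectRegex]
permanent = true
# Anchored at the start of the URL, host capture limited to the authority part
# ([^/]+), and the dot in ".well-known" escaped, so only a root-level
# well-known path matches and nothing but the host ends up in ${1}.
regex = '^https://([^/]+)/\.well-known/(webfinger|nodeinfo)'
replacement = "https://${1}/index.php/.well-known/${2}"
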
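# Strips a leading "www." from the host. The replacement always uses https, so
# a plain-http www request is upgraded in the same redirect.
# Table name spelled "redirectRegex" to match the other redirect middlewares
# in this file.
[http.middlewares.www2non-www.redirectRegex]
permanent = true
# Literal string: same pattern as before without the doubled backslash.
regex = '^https?://www\.(.+)'
replacement = "https://${1}"
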
# Transport for backends whose TLS certificate Traefik does not validate.
[http.serversTransports.ignorecert]
# Turns off certificate verification on the Traefik-to-backend hop: the
# connection is encrypted but the backend is not authenticated, so anything
# able to answer on that address is accepted. Attach this transport only to
# services on a trusted network segment. Where the backend's CA is available,
# setting rootCAs and serverName on the transport keeps verification on.
insecureSkipVerify = true

# TLS options used by every router that does not name another option set.
[tls.options.default]
minVersion = "VersionTLS12"
# This list governs TLS 1.2 handshakes only; TLS 1.3 suites are not
# configurable. All three entries are forward-secret AEAD suites.
# NOTE(review): all three are ECDHE_RSA, so a server presenting an ECDSA
# certificate would have no TLS 1.2 suite to offer; confirm the key type of
# the certificates in use.
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
]

# Stricter option set that refuses anything below TLS 1.3. It is not the
# default: a router gets it only by referencing "mintls13" in its TLS options.
[tls.options.mintls13]
minVersion = "VersionTLS13"