You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 lines
1.4 KiB
50 lines
1.4 KiB
---
|
|
tls:
|
|
options:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
sniStrict: true
|
|
cipherSuites:
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
curvePreferences:
|
|
- CurveP521
|
|
- CurveP384
|
|
mintls13:
|
|
minVersion: VersionTLS13
|
|
|
|
http:
|
|
middlewares:
|
|
secHeaders:
|
|
headers:
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
frameDeny: true
|
|
sslRedirect: true
|
|
# HSTS Configuration
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 31536000
|
|
customRequestHeaders:
|
|
X-Frame-Options: "SAMEORIGIN"
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
|
|
# Beispiel für externe Dienste
|
|
# routers:
|
|
# router-1: # Tausche den Namen gegen etwas sprechendes aus
|
|
# entryPoints:
|
|
# - websecure
|
|
# rule: "Host(`example.com`)"
|
|
# service: "service-1" # Den Namen am besten ähnlich zu dem oben setzen
|
|
# tls:
|
|
# certresolver: default
|
|
|
|
# services:
|
|
# service-1: # Ich verwende hier den gleiche Namen wie bei routers
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: "http://127.0.0.1" # Auf die richtige URL anpassen.
|
|
|