Jemmaan
This commit is contained in:
45
config/docker/2022/misc/middlewares-chains.yml
Normal file
45
config/docker/2022/misc/middlewares-chains.yml
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
chain-no-auth:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- middlewares-rate-limit
|
||||||
|
- middlewares-https-redirectscheme
|
||||||
|
- middlewares-secure-headers
|
||||||
|
- middlewares-compress
|
||||||
|
|
||||||
|
chain-basic-auth:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- middlewares-rate-limit
|
||||||
|
- middlewares-https-redirectscheme
|
||||||
|
- middlewares-secure-headers
|
||||||
|
- middlewares-basic-auth
|
||||||
|
- middlewares-compress
|
||||||
|
|
||||||
|
chain-oauth:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- middlewares-rate-limit
|
||||||
|
- middlewares-https-redirectscheme
|
||||||
|
- middlewares-secure-headers
|
||||||
|
- middlewares-oauth
|
||||||
|
- middlewares-compress
|
||||||
|
|
||||||
|
chain-oauth-external:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- middlewares-rate-limit
|
||||||
|
- middlewares-https-redirectscheme
|
||||||
|
- middlewares-secure-headers
|
||||||
|
- middlewares-oauth-external
|
||||||
|
- middlewares-compress
|
||||||
|
|
||||||
|
chain-authelia:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- middlewares-rate-limit
|
||||||
|
- middlewares-https-redirectscheme
|
||||||
|
- middlewares-secure-headers
|
||||||
|
- middlewares-authelia
|
||||||
|
- middlewares-compress
|
||||||
86
config/docker/2022/misc/middlewares.yml
Normal file
86
config/docker/2022/misc/middlewares.yml
Normal file
@@ -0,0 +1,86 @@
|
|||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
middlewares-basic-auth:
|
||||||
|
basicAuth:
|
||||||
|
# users:
|
||||||
|
# - "user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1"
|
||||||
|
usersFile: "/shared/htpasswd" #be sure to mount the volume through docker-compose.yml
|
||||||
|
realm: "Traefik 2 Basic Auth"
|
||||||
|
|
||||||
|
middlewares-rate-limit:
|
||||||
|
rateLimit:
|
||||||
|
average: 100
|
||||||
|
burst: 50
|
||||||
|
|
||||||
|
middlewares-https-redirectscheme:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
|
||||||
|
middlewares-secure-headers:
|
||||||
|
headers:
|
||||||
|
accessControlAllowMethods:
|
||||||
|
- GET
|
||||||
|
- OPTIONS
|
||||||
|
- PUT
|
||||||
|
accessControlMaxAge: 100
|
||||||
|
hostsProxyHeaders:
|
||||||
|
- "X-Forwarded-Host"
|
||||||
|
# sslRedirect: true #replaced with middlewares-https-redirectscheme for v2.5.x
|
||||||
|
stsSeconds: 63072000
|
||||||
|
stsIncludeSubdomains: true
|
||||||
|
stsPreload: true
|
||||||
|
forceSTSHeader: true
|
||||||
|
# frameDeny: true #overwritten by customFrameOptionsValue
|
||||||
|
customFrameOptionsValue: "allow-from https:example.com" #CSP takes care of this but may be needed for organizr.
|
||||||
|
contentTypeNosniff: true
|
||||||
|
browserXssFilter: true
|
||||||
|
# sslForceHost: true # add sslHost to all of the services
|
||||||
|
# sslHost: "example.com"
|
||||||
|
referrerPolicy: "same-origin"
|
||||||
|
# Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
|
||||||
|
# the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
|
||||||
|
# contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
|
||||||
|
# Line below, featurePolicy, was deprecated in v2.5.x in favor permissionPolicy
|
||||||
|
# featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
|
||||||
|
permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
|
||||||
|
customResponseHeaders:
|
||||||
|
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
|
||||||
|
server: ""
|
||||||
|
# https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
|
||||||
|
# X-Forwarded-Proto: "https"
|
||||||
|
|
||||||
|
middlewares-oauth:
|
||||||
|
forwardAuth:
|
||||||
|
address: "http://oauth:4181" # Make sure you have the OAuth service in docker-compose.yml
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- "X-Forwarded-User"
|
||||||
|
|
||||||
|
middlewares-oauth-external:
|
||||||
|
forwardAuth:
|
||||||
|
address: "https://oauth.example.com" # Make sure you have the OAuth service in a remote server
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- "X-Forwarded-User"
|
||||||
|
|
||||||
|
middlewares-authelia:
|
||||||
|
forwardAuth:
|
||||||
|
address: "http://authelia:9091/api/verify?rd=https://testauth.local.gurulandia.eu"
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- "Remote-User"
|
||||||
|
- "Remote-Groups"
|
||||||
|
|
||||||
|
middlewares-compress:
|
||||||
|
compress: {}
|
||||||
|
|
||||||
|
# https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
|
||||||
|
middlewares-buffering:
|
||||||
|
buffering:
|
||||||
|
maxResponseBodyBytes: 2000000
|
||||||
|
maxRequestBodyBytes: 10485760
|
||||||
|
memRequestBodyBytes: 2097152
|
||||||
|
maxResponseBodyBytes: 10485760
|
||||||
|
memResponseBodyBytes: 2097152
|
||||||
|
retryExpression: "IsNetworkError() && Attempts() <= 2"
|
||||||
Reference in New Issue
Block a user