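---
# Traefik dynamic configuration (file provider): routers, services and the
# middleware chain applied to the public site.
# 2023-04-01
# NOTE(review): the source was collapsed onto one line, so it is unclear whether
# `enabled: true` belonged to the dated comment above or is a real key; confirm
# against whatever consumes this file.
enabled: true

http:
  routers:
    # traefik-http:
    #   service: api@internal
    # traefik-https:
    #   service: api@internal

    # Plain-HTTP entry for the dashboard: exists only to redirect to HTTPS.
    traefik:
      entryPoints:
        - http
      rule: "Host(`traefik.home`)"
      middlewares:
        - traefik-https-redirect
      service: api@internal

    # Dashboard/API over TLS. api@internal exposes the full routing
    # configuration, so it must stay behind authentication.
    traefik-secure:
      entryPoints:
        - https
      rule: "Host(`traefik.home`)"
      middlewares:
        - traefik-auth
      tls: {}
      service: api@internal

    # Public site, protected by the `default` chain defined below.
    subdomain:
      entryPoints:
        - https
      rule: "Host(`subdomain.domain.com`)"
      middlewares:
        - default
      tls: {}
      service: subdomain

  services:
    subdomain:
      loadBalancer:
        servers:
          - url: "http://[local ip of varnish]:[local public varnish port]"
        # Forward the client's Host header to the backend unchanged.
        passHostHeader: true

  middlewares:
    traefik-https-redirect:
      redirectScheme:
        scheme: https

    traefik-auth:
      basicAuth:
        # Entries are `name:hashed-password` in htpasswd format (MD5, SHA1 or
        # BCrypt), never a clear-text password. `usersFile` keeps the hashes
        # out of this file if it is committed or shared.
        users:
          - "[username]:[password]"

    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    wss:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        # frameDeny is off because customFrameOptionsValue below sets
        # X-Frame-Options to SAMEORIGIN instead of DENY.
        frameDeny: false
        browserXssFilter: false
        forceSTSHeader: true
        stsIncludeSubdomains: true
        # NOTE(review): browser preload lists are understood to require a
        # max-age of at least 31536000 seconds; 15552000 (180 days) may not
        # qualify - confirm before submitting the domain.
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN

    security-headers:
      headers:
        customResponseHeaders:
          Permissions-Policy: >-
            fullscreen=(*), display-capture=(self), accelerometer=(),
            battery=(), camera=(), autoplay=(self), vibrate=(self),
            geolocation=(self), midi=(self), notifications=(*), push=(*),
            microphone=(self), magnetometer=(self), gyroscope=(self),
            payment=(self)
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          # Empty values strip the backend's Server and Via banners.
          server: ""
          via: ""
          X-Forwarded-Proto: https
        # NOTE(review): sslProxyHeaders is deprecated in later Traefik
        # releases; confirm it is still honoured by the deployed version.
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: same-origin
        hostsProxyHeaders:
          - X-Forwarded-Host
        customRequestHeaders:
          X-Forwarded-Proto: https
        contentTypeNosniff: true

    default-csp:
      headers:
        # Every directive allows 'unsafe-inline', 'unsafe-eval' and the whole
        # https:/data:/blob: schemes, so this policy does not restrict script
        # injection. Value kept as published; tighten it per application
        # (explicit hosts, nonces or hashes) before relying on it.
        contentSecurityPolicy: >-
          script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          font-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          connect-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          frame-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          object-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          prefetch-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;
          default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: https:;

    hsts-headers:
      headers:
        forceSTSHeader: true
        customResponseHeaders:
          X-Permitted-Cross-Domain-Policies: "none"

    cors-all:
      headers:
        # Removed from the published version: a forced
        # `Access-Control-Allow-Origin: origin-list-or-null` request header
        # (a documentation placeholder, and a response-only header) and a
        # forced `Sec-Fetch-Site: cross-site`, which overwrote the value the
        # browser sends and so hid same-origin vs cross-site from the backend.
        customRequestHeaders:
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: "*, Authorization"
        # The hand-written `Access-Control-Allow-Origin: "*"` response header
        # is dropped so only accessControlAllowOriginList decides the origin.
        customResponseHeaders:
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: "*, Authorization"
        accessControlAllowMethods:
          - OPTIONS
          - POST
          - GET
          - PUT
          - DELETE
          - PATCH
        # With credentials enabled, browsers treat `*` here as a literal
        # header name, not a wildcard; list the headers actually needed.
        accessControlAllowHeaders:
          - "*, Authorization"
        accessControlExposeHeaders:
          - "*, Authorization"
        accessControlMaxAge: 100
        addVaryHeader: true
        accessControlAllowCredentials: true
        # Credentialed CORS needs explicit origins: browsers reject `*`
        # together with Allow-Credentials, and reflecting every origin would
        # let any site read authenticated responses. List each trusted origin.
        accessControlAllowOriginList:
          - "https://subdomain.domain.com"

    inflight-req:
      inFlightReq:
        amount: 64

    rate-limit:
      rateLimit:
        average: 64
        period: 1m
        burst: 128

    retry-attempts:
      retry:
        # Each failed request may be replayed to the backend up to 8 times.
        attempts: 8
        initialInterval: 1000ms

    compress-all:
      compress:
        excludedContentTypes:
          - text/event-stream
        minResponseBodyBytes: 1024

    waf:
      plugin:
        modsecurity:
          # Request bodies are sent to this endpoint in clear text; keep it on
          # an internal network only.
          modSecurityUrl: "http://modsecurity:80"
          maxBodySize: 10485760

    # Chain attached to the public router; middlewares run in listed order.
    default:
      chain:
        middlewares:
          - https-redirectscheme
          - default-headers
          - security-headers
          - default-csp
          - hsts-headers
          - inflight-req
          - rate-limit
          - retry-attempts
          - waf
          - cors-all
          - compress-all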