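# Traefik dynamic configuration (file provider): dashboard routers, one
# proxied backend, and the middleware catalogue the routers draw from.

# NOTE(review): `enabled` is not a key this reviewer recognises from Traefik's
# dynamic configuration - confirm which consumer reads it.
enabled: true

http:
  routers:
    # traefik-http:
    #   service: api@internal
    # traefik-https:
    #   service: api@internal

    # Plain-HTTP dashboard router; its only middleware redirects to HTTPS.
    traefik:
      entryPoints:
        - http
      rule: "Host(`traefik.home`)"
      middlewares:
        - traefik-https-redirect
      service: api@internal

    # Dashboard/API over TLS. Basic auth is the only control on this router:
    # the allow-list, rate-limit and header middlewares of the `default` chain
    # are not attached here. Consider adding an IP allow-list for the admin
    # network, since api@internal exposes the whole routing configuration.
    traefik-secure:
      entryPoints:
        - http3
      rule: "Host(`traefik.home`)"
      middlewares:
        - traefik-auth
      tls: {}
      service: api@internal

    # Public site, protected by the full `default` middleware chain.
    subdomain:
      entryPoints:
        - http3
      rule: "Host(`[subdomain.domain.com]`)"
      middlewares:
        - default
      tls: {}
      service: subdomain

  services:
    subdomain:
      loadBalancer:
        servers:
          # Backend hop is plain HTTP; keep Traefik and Varnish on the same
          # host or a trusted network segment.
          - url: 'http://[varnish ip]:[varnish port]'
        passHostHeader: true

  middlewares:
    traefik-https-redirect:
      redirectScheme:
        scheme: https

    # basicAuth takes a `users` list of htpasswd-style `user:hash` entries.
    # Prefer a bcrypt hash, and consider `usersFile` so the hash is not stored
    # in (or committed with) this configuration file.
    traefik-auth:
      basicAuth:
        users:
          - '[user:hash password]'

    # These two set X-Forwarded-Proto to https on the request sent to the
    # backend no matter how the client connected; attach them to TLS routers
    # only, or the backend is told a cleartext request was secure.
    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    wss:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        # customFrameOptionsValue overrides frameDeny, so the header sent is
        # X-Frame-Options: SAMEORIGIN, not DENY.
        frameDeny: true
        browserXssFilter: false
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        # NOTE(review): 15552000 s is 180 days; the HSTS preload list asks for
        # at least one year. hsts-headers below uses 31536000 - keep a single
        # HSTS definition so the emitted max-age is not order-dependent.
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN

    security-headers:
      headers:
        customResponseHeaders:
          X-Robots-Tag: 'none,noarchive,nosnippet,notranslate,noimageindex'
          # An empty value removes the header from the response.
          server: ''
          X-Forwarded-Proto: https
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: same-origin
        hostsProxyHeaders:
          - X-Forwarded-Host
        customRequestHeaders:
          X-Forwarded-Proto: https
        # false means X-Content-Type-Options: nosniff is NOT sent. Set to true
        # unless the backend is known to serve assets with wrong MIME types.
        contentTypeNosniff: false
        # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove
        # most of the XSS protection a CSP provides, and the wildcard hosts
        # serve third-party content, so they narrow script sources very little.
        # Move to nonces or hashes where the application allows. base-uri and
        # frame-ancestors do not inherit from default-src and are unset here.
        contentSecurityPolicy: >-
          default-src 'self' data: wss: *.cloudflare.com *.gstatic.com
          *.github.com;
          img-src 'self' https: data: blob:;
          script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.cloudflare.com
          *.jsdelivr.net *.jquery.com *.github.com;
          style-src 'self' 'unsafe-inline' https:;
          connect-src 'self' wss:

    hsts-headers:
      headers:
        frameDeny: true
        # NOTE(review): sslRedirect is deprecated in the headers middleware in
        # favour of redirectScheme / entry-point redirection; the chain already
        # contains https-redirectscheme. Confirm against the Traefik version.
        sslRedirect: true
        browserXssFilter: false
        # Same caveat as in security-headers: nosniff is disabled here.
        contentTypeNosniff: false
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        forceSTSHeader: true
        referrerPolicy: same-origin
        customResponseHeaders:
          # NOTE(review): this value was cut off after `microphone=()` in the
          # listing it was copied from; restore the remaining directives.
          permissions-Policy: >-
            vibrate=(self), geolocation=(self), midi=(self),
            notifications=(self), push=(self), microphone=()
          X-Permitted-Cross-Domain-Policies: none

    # Permissive CORS profile; not referenced by any router or chain in this
    # file. Attach it only to endpoints that are meant to be public.
    cors-all:
      headers:
        # NOTE(review): Access-Control-* are response headers; setting them on
        # the upstream request has no CORS effect, and `origin-list-or-null`
        # looks like a documentation placeholder.
        customRequestHeaders:
          Access-Control-Allow-Origin: origin-list-or-null
          Sec-Fetch-Site: cross-site
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: '*, Authorization'
        customResponseHeaders:
          Access-Control-Allow-Origin: '*'
          Sec-Fetch-Site: cross-site
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: '*, Authorization'
        accessControlAllowMethods:
          - OPTIONS
          - POST
          - GET
          - PUT
          - DELETE
          - PATCH
        accessControlAllowHeaders:
          - '*, Authorization'
        accessControlExposeHeaders:
          - '*, Authorization'
        accessControlMaxAge: 100
        addVaryHeader: true
        # Credentials must not be combined with a wildcard origin: browsers
        # reject the pair, and an origin-reflecting variant would let any site
        # make authenticated cross-origin requests. If cookies or Authorization
        # are required, list the exact trusted origins below and re-enable.
        accessControlAllowCredentials: false
        accessControlAllowOriginList:
          - '*'

    # RFC 1918 private ranges plus what appear to be Cloudflare's published
    # edge ranges - verify against the current Cloudflare list. No ipStrategy
    # is set, so matching uses the connection's remote address: traffic that
    # arrives through the CDN matches on the CDN edge address, not the
    # visitor's. This keeps non-CDN sources off the origin; it does not
    # restrict which visitors may connect.
    # NOTE(review): newer Traefik releases rename ipWhiteList to ipAllowList.
    default-whitelist:
      ipWhiteList:
        sourceRange:
          - '10.0.0.0/8'
          - '192.168.0.0/16'
          - '172.16.0.0/12'
          - '173.245.48.0/20'
          - '103.21.244.0/22'
          - '103.22.200.0/22'
          - '103.31.4.0/22'
          - '141.101.64.0/18'
          - '108.162.192.0/18'
          - '190.93.240.0/20'
          - '188.114.96.0/20'
          - '197.234.240.0/22'
          - '198.41.128.0/17'
          - '162.158.0.0/15'
          - '104.16.0.0/13'
          - '104.24.0.0/14'
          - '172.64.0.0/13'
          - '131.0.72.0/22'
          - '2400:cb00::/32'
          - '2606:4700::/32'
          - '2803:f800::/32'
          - '2405:b500::/32'
          - '2405:8100::/32'
          - '2a06:98c0::/29'
          - '2c0f:f248::/32'

    compress-all:
      compress:
        excludedContentTypes:
          - text/event-stream
        minResponseBodyBytes: 1024

    inflight-req:
      inFlightReq:
        amount: 128

    # No sourceCriterion is set, so the limit is keyed on the remote address.
    # Behind a CDN many visitors share a few edge addresses and therefore one
    # bucket; set sourceCriterion (ipStrategy or a trusted request header) if
    # per-visitor limiting is intended.
    rate-limit:
      rateLimit:
        average: 128
        period: 1m
        burst: 256

    retry-attempts:
      retry:
        attempts: 4
        initialInterval: 100ms

    # Chain applied to public routers. The allow-list runs first so rejected
    # sources never reach the later middlewares.
    default:
      chain:
        middlewares:
          - default-whitelist
          - https-redirectscheme
          - default-headers
          - security-headers
          - hsts-headers
          - inflight-req
          - rate-limit
          - retry-attempts
          - compress-all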