A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys, Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun VPN routing, and a web dashboard to manage it all. Free & open forever to self-host; optional paid hosted services fund it. See PROMISE.md. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
48 lines
2.3 KiB
YAML
Executable File
48 lines
2.3 KiB
YAML
Executable File
# Helpful video https://www.youtube.com/watch?v=liV3c9m_OX8
|
|
http:
|
|
middlewares:
|
|
# Add automatically some security headers
|
|
# Use with traefik.http.routers.myRouter.middlewares: "default-security-headers@file"
|
|
default-security-headers:
|
|
headers:
|
|
browserXssFilter: true # X-XSS-Protection=1; mode=block
|
|
contentTypeNosniff: true # X-Content-Type-Options=nosniff
|
|
forceSTSHeader: true # Add the Strict-Transport-Security header even when the connection is HTTP
|
|
frameDeny: true # X-Frame-Options=deny
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
sslRedirect: true # Allow only https requests
|
|
stsIncludeSubdomains: true # Add includeSubdomains to the Strict-Transport-Security header
|
|
stsPreload: true # Add preload flag appended to the Strict-Transport-Security header
|
|
stsSeconds: 63072000 # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)
|
|
# Serve the error pages when the status is included inside the following ranges
|
|
# Use with traefik.http.routers.myRouter.middlewares: "error-pages@file"
|
|
error-pages:
|
|
errors:
|
|
query: "erreur{status}/"
|
|
service: traefik-error-pages
|
|
status:
|
|
- "403-404"
|
|
- "500"
|
|
- "503"
|
|
# Enables the GZIP compression (https://docs.traefik.io/middlewares/compress/)
|
|
# if the response body is larger than 1400 bytes
|
|
# if the Accept-Encoding request header contains gzip
|
|
# if the response is not already compressed (Content-Encoding is not set)
|
|
# Use with traefik.http.routers.myRouter.middlewares: "gzip@file"
|
|
gzip:
|
|
compress: {}
|
|
# Recommended default middleware for most of the services
|
|
# Use with traefik.http.routers.myRouter.middlewares: "default@file"
|
|
# Equivalent of traefik.http.routers.myRouter.middlewares: "default-security-headers@file,error-pages@file,gzip@file"
|
|
default:
|
|
chain:
|
|
middlewares:
|
|
- default-security-headers
|
|
- error-pages
|
|
- gzip
|
|
services:
|
|
# Error pages
|
|
traefik-error-pages:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "ERRORWEBSITE" |