(docker) making security settings of traefik on par with nginx
This commit is contained in:
parent
049539eb4c
commit
1dd59831f8
|
@ -7,6 +7,29 @@ defaultEntryPoints = ["http", "https"]
|
|||
[entryPoints.https]
|
||||
address = ":443"
|
||||
[entryPoints.https.tls]
|
||||
MinVersion = "VersionTLS12"
|
||||
CurvePreferences = [
|
||||
"CurveP521",
|
||||
"CurveP384",
|
||||
"CurveP256"
|
||||
]
|
||||
PreferServerCipherSuites = true
|
||||
CipherSuites = [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
"TLS_RSA_WITH_AES_256_GCM_SHA384",
|
||||
"TLS_RSA_WITH_AES_256_CBC_SHA"
|
||||
]
|
||||
FrameDeny = false # here we don't want to deny frames since we have an embed
|
||||
STSIncludeSubdomains = true
|
||||
STSSeconds = 315360000
|
||||
STSPreload = true
|
||||
ContentTypeNosniff = true
|
||||
BrowserXssFilter = true
|
||||
|
||||
|
||||
# Enable ACME (Let's Encrypt): automatic SSL.
|
||||
[acme]
|
||||
|
|
Loading…
Reference in New Issue