(docker) making security settings of traefik on par with nginx

This commit is contained in:
Rigel Kent 2018-06-02 13:41:38 +02:00 committed by Rigel Kent
parent 049539eb4c
commit 1dd59831f8
1 changed files with 23 additions and 0 deletions

View File

@ -7,6 +7,29 @@ defaultEntryPoints = ["http", "https"]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CurvePreferences = [
"CurveP521",
"CurveP384",
"CurveP256"
]
PreferServerCipherSuites = true
CipherSuites = [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA"
]
FrameDeny = false # here we don't want to deny frames since we have an embed
STSIncludeSubdomains = true
STSSeconds = 315360000
STSPreload = true
ContentTypeNosniff = true
BrowserXssFilter = true
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]