(docker) making security settings of traefik on par with nginx
This commit is contained in:
parent
049539eb4c
commit
1dd59831f8
|
@ -7,6 +7,29 @@ defaultEntryPoints = ["http", "https"]
|
||||||
[entryPoints.https]
|
[entryPoints.https]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
[entryPoints.https.tls]
|
[entryPoints.https.tls]
|
||||||
|
MinVersion = "VersionTLS12"
|
||||||
|
CurvePreferences = [
|
||||||
|
"CurveP521",
|
||||||
|
"CurveP384",
|
||||||
|
"CurveP256"
|
||||||
|
]
|
||||||
|
PreferServerCipherSuites = true
|
||||||
|
CipherSuites = [
|
||||||
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||||
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||||||
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||||
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||||
|
"TLS_RSA_WITH_AES_256_GCM_SHA384",
|
||||||
|
"TLS_RSA_WITH_AES_256_CBC_SHA"
|
||||||
|
]
|
||||||
|
FrameDeny = false # here we don't want to deny frames since we have an embed
|
||||||
|
STSIncludeSubdomains = true
|
||||||
|
STSSeconds = 315360000
|
||||||
|
STSPreload = true
|
||||||
|
ContentTypeNosniff = true
|
||||||
|
BrowserXssFilter = true
|
||||||
|
|
||||||
|
|
||||||
# Enable ACME (Let's Encrypt): automatic SSL.
|
# Enable ACME (Let's Encrypt): automatic SSL.
|
||||||
[acme]
|
[acme]
|
||||||
|
|
Loading…
Reference in New Issue