58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
|
tls:
|
||
|
|
options:
|
||
|
|
default:
|
||
|
|
minVersion: VersionTLS12
|
||
|
|
cipherSuites:
|
||
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||
|
|
- TLS_AES_128_GCM_SHA256
|
||
|
|
- TLS_AES_256_GCM_SHA384
|
||
|
|
- TLS_CHACHA20_POLY1305_SHA256
|
||
|
|
curvePreferences:
|
||
|
|
- CurveP521
|
||
|
|
- CurveP384
|
||
|
|
sniStrict: true
|
||
|
|
|
||
|
|
http:
|
||
|
|
routers:
|
||
|
|
traefik:
|
||
|
|
rule: "Host(`proxy.example.com`)"
|
||
|
|
middlewares:
|
||
|
|
- authelia
|
||
|
|
- secHeaders
|
||
|
|
tls:
|
||
|
|
certResolver: inwx
|
||
|
|
service: api@internal
|
||
|
|
authelia:
|
||
|
|
rule: "Host(`auth.example.com`)"
|
||
|
|
middlewares:
|
||
|
|
- secHeaders
|
||
|
|
tls:
|
||
|
|
certResolver: inwx
|
||
|
|
service: authelia
|
||
|
|
|
||
|
|
middlewares:
|
||
|
|
secHeaders:
|
||
|
|
headers:
|
||
|
|
browserXssFilter: true
|
||
|
|
contentTypeNosniff: true
|
||
|
|
frameDeny: true
|
||
|
|
sslRedirect: true
|
||
|
|
forceSTSHeader: true
|
||
|
|
stsIncludeSubdomains: true
|
||
|
|
stsPreload: true
|
||
|
|
stsSeconds: 31536000
|
||
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
||
|
|
customRequestHeaders:
|
||
|
|
X-Forwarded-Proto: https
|
||
|
|
authelia:
|
||
|
|
forwardAuth:
|
||
|
|
address: "http://authelia:9091/api/verify?rd=https://auth.example.com"
|
||
|
|
|
||
|
|
services:
|
||
|
|
authelia:
|
||
|
|
loadBalancer:
|
||
|
|
servers:
|
||
|
|
- url: "http://authelia:9091"
|