2020-06-17 06:23:01 +00:00
|
|
|
---
|
|
|
|
http:
|
|
|
|
middlewares:
|
2020-10-27 11:19:10 +00:00
|
|
|
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
2020-06-17 06:23:01 +00:00
|
|
|
keycloak:
|
|
|
|
forwardAuth:
|
2021-10-13 22:43:38 +00:00
|
|
|
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
|
2020-06-17 06:23:01 +00:00
|
|
|
trustForwardHeader: true
|
|
|
|
authResponseHeaders:
|
|
|
|
- X-Forwarded-User
|
2020-10-27 11:19:10 +00:00
|
|
|
{{ end }}
|
2021-11-16 14:08:04 +00:00
|
|
|
{{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
|
|
|
|
keycloak2:
|
|
|
|
forwardAuth:
|
2021-11-23 10:22:22 +00:00
|
|
|
address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
|
2021-11-16 14:08:04 +00:00
|
|
|
trustForwardHeader: true
|
|
|
|
authResponseHeaders:
|
|
|
|
- X-Forwarded-User
|
|
|
|
{{ end }}
|
2023-02-07 12:00:27 +00:00
|
|
|
{{ if eq (env "BASIC_AUTH") "1" }}
|
|
|
|
basicauth:
|
|
|
|
basicAuth:
|
|
|
|
usersFile: "/run/secrets/usersfile"
|
|
|
|
{{ end }}
|
2020-10-27 11:19:10 +00:00
|
|
|
security:
|
|
|
|
headers:
|
|
|
|
frameDeny: true
|
|
|
|
sslRedirect: true
|
|
|
|
browserXssFilter: true
|
|
|
|
contentTypeNosniff: true
|
|
|
|
stsIncludeSubdomains: true
|
|
|
|
stsPreload: true
|
|
|
|
stsSeconds: "31536000"
|
|
|
|
|
|
|
|
tls:
|
|
|
|
options:
|
|
|
|
default:
|
|
|
|
minVersion: VersionTLS12
|
|
|
|
cipherSuites:
|
|
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
|
|
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
|
|
|
|
- TLS_AES_256_GCM_SHA384 # TLS 1.3
|
|
|
|
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
|
|
|
|
curvePreferences:
|
|
|
|
- CurveP521
|
|
|
|
- CurveP384
|
|
|
|
sniStrict: true
|