forked from coop-cloud/traefik
43 lines
1.2 KiB
Cheetah
43 lines
1.2 KiB
Cheetah
---
|
|
http:
|
|
middlewares:
|
|
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
|
keycloak:
|
|
forwardAuth:
|
|
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-Forwarded-User
|
|
{{ end }}
|
|
{{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
|
|
keycloak2:
|
|
forwardAuth:
|
|
address: "http://${KEYCLOAK_TFA_SERVICE_2}:4181"
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-Forwarded-User
|
|
{{ end }}
|
|
security:
|
|
headers:
|
|
frameDeny: true
|
|
sslRedirect: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: "31536000"
|
|
|
|
tls:
|
|
options:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
cipherSuites:
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
|
|
- TLS_AES_256_GCM_SHA384 # TLS 1.3
|
|
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
|
|
curvePreferences:
|
|
- CurveP521
|
|
- CurveP384
|
|
sniStrict: true
|