traefik/file-provider.yml.tmpl

43 lines
1.2 KiB
Cheetah

---
http:
middlewares:
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
keycloak:
forwardAuth:
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
trustForwardHeader: true
authResponseHeaders:
- X-Forwarded-User
{{ end }}
{{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
keycloak2:
forwardAuth:
address: "http://${KEYCLOAK_TFA_SERVICE_2}:4181"
trustForwardHeader: true
authResponseHeaders:
- X-Forwarded-User
{{ end }}
security:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: "31536000"
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true