2020-06-17 06:23:01 +00:00
|
|
|
---
|
|
|
|
|
http:
|
|
|
|
|
middlewares:
|
2020-10-27 11:19:10 +00:00
|
|
|
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
2020-06-17 06:23:01 +00:00
|
|
|
keycloak:
|
|
|
|
|
forwardAuth:
|
2020-10-27 10:06:35 +00:00
|
|
|
address: "http://traefik-forward-auth:4181"
|
2020-06-17 06:23:01 +00:00
|
|
|
trustForwardHeader: true
|
|
|
|
|
authResponseHeaders:
|
|
|
|
|
- X-Forwarded-User
|
2020-10-27 11:19:10 +00:00
|
|
|
{{ end }}
|
|
|
|
|
security:
|
|
|
|
|
headers:
|
|
|
|
|
frameDeny: true
|
|
|
|
|
sslRedirect: true
|
|
|
|
|
browserXssFilter: true
|
|
|
|
|
contentTypeNosniff: true
|
|
|
|
|
stsIncludeSubdomains: true
|
|
|
|
|
stsPreload: true
|
|
|
|
|
stsSeconds: "31536000"
|
|
|
|
|
|
|
|
|
|
tls:
|
|
|
|
|
options:
|
|
|
|
|
default:
|
|
|
|
|
minVersion: VersionTLS12
|
|
|
|
|
cipherSuites:
|
|
|
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
|
|
|
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
|
|
|
|
|
- TLS_AES_256_GCM_SHA384 # TLS 1.3
|
|
|
|
|
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
|
|
|
|
|
curvePreferences:
|
|
|
|
|
- CurveP521
|
|
|
|
|
- CurveP384
|
|
|
|
|
sniStrict: true
|
