Improve SSL rating #8
Merged
decentral1se
merged 1 commits from enable-better-ssl
into master
2 years ago
4 changed files with 33 additions and 11 deletions
@ -1,9 +1,34 @@
@@ -1,9 +1,34 @@
|
||||
--- |
||||
http: |
||||
middlewares: |
||||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }} |
||||
keycloak: |
||||
forwardAuth: |
||||
address: "http://traefik-forward-auth:4181" |
||||
trustForwardHeader: true |
||||
authResponseHeaders: |
||||
- X-Forwarded-User |
||||
{{ end }} |
||||
security: |
||||
headers: |
||||
frameDeny: true |
||||
sslRedirect: true |
||||
browserXssFilter: true |
||||
contentTypeNosniff: true |
||||
stsIncludeSubdomains: true |
||||
stsPreload: true |
||||
stsSeconds: "31536000" |
||||
|
||||
tls: |
||||
options: |
||||
default: |
||||
minVersion: VersionTLS12 |
||||
cipherSuites: |
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2 |
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2 |
||||
- TLS_AES_256_GCM_SHA384 # TLS 1.3 |
||||
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3 |
||||
curvePreferences: |
||||
- CurveP521 |
||||
- CurveP384 |
||||
sniStrict: true |
||||
|
Loading…
Reference in new issue