httpChellange deakt. u. dynamic.yml v. teqqy.de

config/fileconf/dynamic.yml

@@ -0,0 +1,34 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      sniStrict: true
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+    mintls13:
+      minVersion: VersionTLS13
+
+http:
+  middlewares:
+    secHeaders:
+      headers:
+        browserXssFilter: true
+        contentTypeNosniff: true
+        frameDeny: true
+        sslRedirect: true
+        #  HSTS Configuration
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+        customRequestHeaders:
+          X-Frame-Options: "SAMEORIGIN"
+        customFrameOptionsValue: "SAMEORIGIN"
+

config/traefik.toml

@@ -155,6 +155,7 @@
   # Default: "unix:///var/run/docker.sock"
   #
   # endpoint = "tcp://10.10.10.10:2375"
+  endpoint = "unix:///var/run/docker.sock"
 
   # Default host rule.
   #
@@ -237,13 +238,13 @@
   #
   # Optional
   #
-   [certificatesResolvers.myresolver.acme.httpChallenge]
+  # [certificatesResolvers.myresolver.acme.httpChallenge]
 
     # EntryPoint to use for the HTTP-01 challenges.
     #
     # Required
     #
-    entrypoint = "web"
+  #  entrypoint = "web"
 
   # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
   # Note: mandatory for wildcard certificate generation.