secHeaders & basic-auth

2023-01-20 00:08:39 +01:00 · 2023-01-20 00:08:39 +01:00 · 50f5f50d59
parent b16dfd88db
commit 50f5f50d59
1 changed files with 45 additions and 36 deletions
--- a/config/dynamic.yml
+++ b/config/dynamic.yml
@ -1,41 +1,6 @@
 ---
-tls:
-  options:
-    myresolver:
-      minVersion: VersionTLS12
-      sniStrict: false
-      cipherSuites:
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-      curvePreferences:
-        - CurveP521
-        - CurveP384
-#    mintls13:
-#      minVersion: VersionTLS13
- #   domains:
- #           main: "czechman.ipv64.de"
- #           sans:
- #             - "czechman.ipv64.de"

-#http:
-#  middlewares:
-#    secHeaders:
-#      headers:
-#        browserXssFilter: true
-#        contentTypeNosniff: true
-#        frameDeny: true
-#        sslRedirect: true
-#        #  HSTS Configuration
-#        stsIncludeSubdomains: true
-#        stsPreload: true
-#        stsSeconds: 31536000
-#        customRequestHeaders:
-#          X-Frame-Options: "SAMEORIGIN"
-#        customFrameOptionsValue: "SAMEORIGIN"
+

 #  Beispiel für externe Dienste
 http:
@ -47,6 +12,8 @@ http:
      service: "utk" # Den Namen am besten ähnlich zu dem oben setzen
      tls:
        certresolver: "myresolver"
+      middlewares: 
+        - "secHeaders"
    bitwarden: # Tausche den Namen gegen etwas sprechendes aus
      entryPoints:
        - websecure
@ -95,3 +62,45 @@ http:
 #      loadBalancer:
 #        servers:
 #          - url: "http://127.0.0.1" # Auf die richtige URL anpassen.
+
+  middlewares:
+    secHeaders:
+      headers:
+        browserXssFilter: true
+        contentTypeNosniff: true
+        frameDeny: true
+        sslRedirect: true
+        #  HSTS Configuration
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+        customRequestHeaders:
+          X-Frame-Options: "SAMEORIGIN"
+        customFrameOptionsValue: "SAMEORIGIN"
+    basic-auth:
+      basicAuth:
+        users: 
+          - "McSeeno:$$2y$$13$$maYBYazCRDGmcKdSy/QA0eWBUEIpobxcUy.z68fnifcpoCqWm18wW"
+
+
+tls:
+  options:
+    myresolver:
+      minVersion: VersionTLS12
+      sniStrict: false
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+#    mintls13:
+#      minVersion: VersionTLS13
+ #   domains:
+ #           main: "czechman.ipv64.de"
+ #           sans:
+ #             - "czechman.ipv64.de"