From 50f5f50d59fe3347c3e7d564d8696836245be497 Mon Sep 17 00:00:00 2001 From: Czechman Date: Fri, 20 Jan 2023 00:08:39 +0100 Subject: [PATCH] secHeaders & basic-auth --- config/dynamic.yml | 81 +++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/config/dynamic.yml b/config/dynamic.yml index b9dbefc..f33a58e 100644 --- a/config/dynamic.yml +++ b/config/dynamic.yml @@ -1,41 +1,6 @@ --- -tls: - options: - myresolver: - minVersion: VersionTLS12 - sniStrict: false - cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - curvePreferences: - - CurveP521 - - CurveP384 -# mintls13: -# minVersion: VersionTLS13 - # domains: - # main: "czechman.ipv64.de" - # sans: - # - "czechman.ipv64.de" -#http: -# middlewares: -# secHeaders: -# headers: -# browserXssFilter: true -# contentTypeNosniff: true -# frameDeny: true -# sslRedirect: true -# # HSTS Configuration -# stsIncludeSubdomains: true -# stsPreload: true -# stsSeconds: 31536000 -# customRequestHeaders: -# X-Frame-Options: "SAMEORIGIN" -# customFrameOptionsValue: "SAMEORIGIN" + # Beispiel für externe Dienste http: @@ -47,6 +12,8 @@ http: service: "utk" # Den Namen am besten ähnlich zu dem oben setzen tls: certresolver: "myresolver" + middlewares: + - "secHeaders" bitwarden: # Tausche den Namen gegen etwas sprechendes aus entryPoints: - websecure 
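Review bot: In the second hunk, the `tls` block of the router whose service is `utk` sets only `certresolver: "myresolver"`, so the TLS options set that this patch moves to the end of the file under the name `myresolver` is probably never applied to it. Traefik automatically applies only the options set named `default`; any other name has to be referenced from the router. If the minimum version and cipher list are meant to bind here, add `options: "myresolver"` under `tls:` or rename the options set to `default`. The router definition starts above the hunk, and the following `bitwarden` router does not visibly receive `secHeaders`, so it is worth checking whether that is intended.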
@@ -95,3 +62,45 @@ http:
 # loadBalancer:
 # servers:
 # - url: "http://127.0.0.1" # Auf die richtige URL anpassen.
+
+ middlewares:
+ secHeaders:
+ headers:
+ browserXssFilter: true
+ contentTypeNosniff: true
+ frameDeny: true
+ sslRedirect: true
+ # HSTS Configuration
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 31536000
+ customRequestHeaders:
+ X-Frame-Options: "SAMEORIGIN"
+ customFrameOptionsValue: "SAMEORIGIN"
+ basic-auth:
+ basicAuth:
+ users:
+ - "McSeeno:$$2y$$13$$maYBYazCRDGmcKdSy/QA0eWBUEIpobxcUy.z68fnifcpoCqWm18wW"
+
+
+tls:
+ options:
+ myresolver:
+ minVersion: VersionTLS12
+ sniStrict: false
+ cipherSuites:
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ curvePreferences:
+ - CurveP521
+ - CurveP384
+# mintls13:
+# minVersion: VersionTLS13
+ # domains:
+ # main: "czechman.ipv64.de"
+ # sans:
+ # - "czechman.ipv64.de"
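Review bot: The `basic-auth` entry commits a username and bcrypt hash to the repository, and its doubled `$$` looks copied from a docker-compose label. In a file-provider YAML the dollar signs are presumably taken literally, so the value would not parse as a bcrypt hash and the login would not work as intended. Use single `$` characters and keep the credential out of version control with `usersFile: "/path/to/usersfile"` (placeholder path), readable only by the Traefik process. In `secHeaders`, `customRequestHeaders` puts `X-Frame-Options` on the request forwarded to the backend, which no browser ever sees; `customFrameOptionsValue: "SAMEORIGIN"` already sets the response header and overrides `frameDeny: true`, so both of those lines can be dropped. No router in the visible hunks references `basic-auth`, so it protects nothing until it is added to a router's `middlewares` list.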