tls:
  certificates:
    - certFile: /etc/traefik/certs/mcseeno_de.crt
      keyFile: /etc/traefik/certs/mcseeno_de.key
    - certFile: /etc/traefik/certs/utk_mcseeno_de.crt
      keyFile: /etc/traefik/certs/utk_mcseeno_de.key
    - certFile: /etc/traefik/certs/nc_mcseeno_de.crt
      keyFile: /etc/traefik/certs/nc_mcseeno_de.key
  options:
    default:
      minVersion: VersionTLS12
#      sniStrict: true
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      curvePreferences:
        - CurveP521
        - CurveP384
    mintls13:
      minVersion: VersionTLS13

http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        #  HSTS Configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customRequestHeaders:
          X-Frame-Options: "SAMEORIGIN"
        customFrameOptionsValue: "SAMEORIGIN"