traefikv3

2025-10-03 00:46:18 +00:00 · 2025-02-01 13:07:53 +00:00
parent 9b9c0fab0c
commit 7a2e706511
5 changed files with 142 additions and 0 deletions
--- a/Traefikv3/config/config.yaml
+++ b/Traefikv3/config/config.yaml
@@ -0,0 +1,37 @@
+http:
+  middlewares:    
+    default-security-headers:
+      headers:
+        browserXssFilter: true                            # X-XSS-Protection=1; mode=block
+        contentTypeNosniff: true                          # X-Content-Type-Options=nosniff
+        forceSTSHeader: true                              # Add the Strict-Transport-Security header even when the connection is HTTP
+        frameDeny: false                                   # X-Frame-Options=deny
+        referrerPolicy: "strict-origin-when-cross-origin"
+        stsIncludeSubdomains: true                        # Add includeSubdomains to the Strict-Transport-Security header
+        stsPreload: true                                  # Add preload flag appended to the Strict-Transport-Security header
+        stsSeconds: 3153600                              # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)
+        contentSecurityPolicy: "default-src 'self'"     
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+    https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+  routers:
+    portainer:
+      entryPoints:
+        - "https"
+      rule: "Host(`portainer-demo.jimsgarage.co.uk`)"
+      middlewares:
+        - default-security-headers
+        - https-redirectscheme
+      tls: {}
+      service: portainer
+
+  services:
+    portainer:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.200.122:9443"
+        passHostHeader: true
--- a/Traefikv3/config/traefik.yaml
+++ b/Traefikv3/config/traefik.yaml
@@ -0,0 +1,49 @@
+api:
+  dashboard: true
+  debug: true
+entryPoints:
+  http:
+    address: ":80"
+    http:
+    #  middlewares: # uncomment if using CrowdSec - see my video
+    #    - crowdsec-bouncer@file
+      redirections:
+        entrypoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+    # http:
+    #  middlewares: # uncomment if using CrowdSec - see my video
+    #    - crowdsec-bouncer@file
+  # tcp:
+   # address: ":10000"
+  # apis:
+   # address: ":33073"
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yaml # example provided gives A+ rating https://www.ssllabs.com/ssltest/
+certificatesResolvers:
+  cloudflare:
+    acme:
+      # caServer: https://acme-v02.api.letsencrypt.org/directory # production (default)
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging (testing)
+      email: your@email.com # Cloudflare email (or other provider)
+      storage: acme.json
+      dnsChallenge:
+        provider: cloudflare # change as required
+        # disablePropagationCheck: true # Some people using Cloudflare note this can solve DNS propagation issues.
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+
+log:
+  level: "INFO"
+  filePath: "/var/log/traefik/traefik.log"
+accessLog:
+  filePath: "/var/log/traefik/access.log"