modified: docker-compose.yml
modified: traefik/dynamic.yml modified: traefik/traefik.yml
This commit is contained in:
@@ -25,3 +25,12 @@ http:
|
||||
middlewares:
|
||||
- secHeaders
|
||||
- crowdsec
|
||||
tls:
|
||||
options:
|
||||
mtls-private-admin:
|
||||
minVersion: VersionTLS12
|
||||
sniStrict: true
|
||||
clientAuth:
|
||||
caFiles:
|
||||
- /etc/traefik/certs/ca/clients-ca.crt
|
||||
clientAuthType: RequireAndVerifyClientCert
|
||||
|
||||
@@ -13,6 +13,17 @@ accessLog:
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
forwardedHeaders:
|
||||
# Trust forwarding headers only from upstream proxies/LBs under our control.
|
||||
# Network assumptions for this stack:
|
||||
# - 127.0.0.1/32: local host-side reverse-proxy hops
|
||||
# - 192.168.2.0/24: LAN edge proxies
|
||||
# - 172.21.0.0/16: pinned Docker subnet for the traefik bridge network
|
||||
insecure: false
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.0.0/24"
|
||||
- "172.21.0.0/16"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
@@ -21,6 +32,12 @@ entryPoints:
|
||||
|
||||
websecure:
|
||||
address: ":443"
|
||||
forwardedHeaders:
|
||||
insecure: false
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.0.0/24"
|
||||
- "172.21.0.0/16"
|
||||
http:
|
||||
middlewares:
|
||||
- default-chain@file
|
||||
|
||||
Reference in New Issue
Block a user