KeyArgo
/
seedbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Test hardened TLS headers

This commit is contained in:
Jean Froment 2020-10-23 17:54:26 +02:00
parent c18589d42f
commit 48964a7aba
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@ -15,6 +15,7 @@ services:
- ./traefik:/etc/traefik:ro - ./traefik:/etc/traefik:ro
- configtraefik:/config:ro - configtraefik:/config:ro
environment: environment:
- TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN}
- TZ=${TZ} - TZ=${TZ}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"

15
traefik/custom/middlewares.yaml
View File

@ -5,9 +5,18 @@ http:
usersFile: "/etc/traefik/http_auth" usersFile: "/etc/traefik/http_auth"
security-headers: security-headers:
headers: headers:
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true forceSTSHeader: true
stsIncludeSubdomains: true stsIncludeSubdomains: true
stsSeconds: 31536000 stsSeconds: 31536000
sslRedirect: true
sslForceHost: true
sslHost: '{{env "TRAEFIK_DOMAIN"}}'
contentSecurityPolicy: "script-src 'self'; img-src 'self'"
referrerPolicy: "same-origin"
featurePolicy: "vibrate 'self'; geolocation 'self'; midi 'self'; notifications 'self'; push 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'"
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true