Security Headers Traefik #142
whenthelight started this conversation in General
Replies: 0 comments
Hey, due to a security check, I realized that there should be more security headers active in the Traefik config. Max settings to get a minimum A rating for now; example dynamic conf. What do you think of these extra sec options?:
```yaml
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
    cors:
      headers:
        accessControlAllowMethods:
          - GET
          - PUT
          - POST
          - DELETE
          - PATCH
        accessControlAllowHeaders:
          - Content-Type
          - X-CSRF-Token
        accessControlAllowOriginList:
          - https://pangolin.yourdomain.example
        accessControlAllowCredentials: false
    # New security middlewares
    default-security-headers:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        # customFrameOptionsValue below overrides frameDeny; the header sent is SAMEORIGIN
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
        # Traefik sends this value verbatim: {RANDOM} is not replaced with a per-request nonce
        contentSecurityPolicy: "default-src 'self'; script-src 'self' 'nonce-{RANDOM}'; style-src 'self'; img-src 'self' data: https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'"
        referrerPolicy: "strict-origin-when-cross-origin"
        permissionsPolicy: "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()"
    gzip:
      compress: {}
    # Chain middleware for combined security
    security-chain:
      chain:
        middlewares:
          - default-security-headers
          - gzip
          - cors
  routers:
    main-app-router-redirect:
      rule: Host(`pangolin.yourdomain.example`)
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
        - cors
        - security-chain
    next-router:
      rule: Host(`pangolin.yourdomain.example`) && !PathPrefix(`/api/v1`)
      service: next-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt
        domains:
          - main: example.com
            sans:
              - '*.example.com'
    api-router:
      rule: Host(`pangolin.yourdomain.example`) && PathPrefix(`/api/v1`)
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt
    ws-router:
      rule: Host(`pangolin.yourdomain.example`)
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt
  services:
    next-service:
      loadBalancer:
        servers:
          - url: http://pangolin:3002
    api-service:
      loadBalancer:
        servers:
          - url: http://pangolin:3000
```
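The point of a config like this is the headers it actually puts on the wire, so it helps to audit the response rather than the YAML. The following is an added example, not code from the post or from Traefik: a small checker that parses HSTS, CSP and the other headers and reports findings against the targets above. The `SAMPLE_HEADERS` dict is constructed by hand and assumes it reflects what the `default-security-headers` middleware would emit; it also shows why the `'nonce-{RANDOM}'` source is a problem, since Traefik sends header values as static strings and a nonce that never changes authorises nothing.

```python
"""Audit HTTP response headers against the hardening goals of the Traefik
config above. Added example; SAMPLE_HEADERS is a constructed approximation
of the headers that middleware would send, not a captured response."""
from typing import Dict, List

# Constructed sample (assumption): what default-security-headers would emit.
SAMPLE_HEADERS: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self' 'nonce-{RANDOM}'; style-src 'self'; "
        "img-src 'self' data: https:; font-src 'self'; frame-ancestors 'self'; "
        "base-uri 'self'; form-action 'self'"
    ),
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "accelerometer=(), camera=(), geolocation=(), microphone=()",
}

ONE_YEAR = 31536000


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def parse_hsts(value: str) -> Dict[str, object]:
    """Extract max-age, includeSubDomains and preload from an HSTS header."""
    out: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in (d.strip().lower() for d in value.split(";")):
        if directive.startswith("max-age="):
            try:
                out["max_age"] = int(directive.split("=", 1)[1])
            except ValueError:
                pass
        elif directive == "includesubdomains":
            out["include_subdomains"] = True
        elif directive == "preload":
            out["preload"] = True
    return out


def audit(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        p = parse_hsts(hsts)
        if p["max_age"] is None or p["max_age"] < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if not p["include_subdomains"]:
            findings.append("HSTS lacks includeSubDomains")
        if not p["preload"]:
            findings.append("HSTS lacks preload")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    csp = parse_csp(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").upper()
    # Either a CSP frame-ancestors directive or a restrictive X-Frame-Options is needed.
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")

    if not csp:
        findings.append("CSP missing")
    for directive, sources in csp.items():
        if "'unsafe-inline'" in sources:
            findings.append(f"CSP {directive} allows 'unsafe-inline'")
        for src in sources:
            # A nonce must be fresh per response; a templated or fixed one is a static string.
            if src.startswith("'nonce-") and ("{" in src or "}" in src):
                findings.append(f"CSP {directive} has a literal nonce placeholder {src}")

    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    if "permissions-policy" not in h:
        findings.append("Permissions-Policy missing")

    # CORS: a wildcard origin combined with credentials is never acceptable.
    if h.get("access-control-allow-origin") == "*" and \
            h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("CORS allows credentials with a wildcard origin")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print("FAIL:", finding)
```

To run it against a live deployment, feed it the headers from `curl -sI https://pangolin.yourdomain.example` (split each line on the first colon); on the constructed sample the only finding is the nonce placeholder, which is exactly the part of the posted CSP that needs rethinking.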