]>
Commit | Line | Data |
---|---|---|
b44a9630 C |
1 | # Uncomment this line in order to enable debugging through logs |
2 | # debug = true | |
3 | defaultEntryPoints = ["http", "https"] | |
4 | [entryPoints] | |
5 | [entryPoints.http] | |
6 | address = ":80" | |
7 | [entryPoints.https] | |
8 | address = ":443" | |
9 | [entryPoints.https.tls] | |
1dd59831 RK |
10 | MinVersion = "VersionTLS12" |
11 | CurvePreferences = [ | |
12 | "CurveP521", | |
13 | "CurveP384", | |
14 | "CurveP256" | |
15 | ] | |
16 | PreferServerCipherSuites = true | |
17 | CipherSuites = [ | |
18 | "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", | |
19 | "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", | |
20 | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", | |
21 | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", | |
22 | "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", | |
23 | "TLS_RSA_WITH_AES_256_GCM_SHA384", | |
24 | "TLS_RSA_WITH_AES_256_CBC_SHA" | |
25 | ] | |
26 | FrameDeny = false # here we don't want to deny frames since we have an embed | |
27 | STSIncludeSubdomains = true | |
28 | STSSeconds = 315360000 | |
29 | STSPreload = true | |
30 | ContentTypeNosniff = true | |
31 | BrowserXssFilter = true | |
32 | ||
b44a9630 C |
33 | |
34 | # Enable ACME (Let's Encrypt): automatic SSL. | |
35 | [acme] | |
36 | ||
37 | # Email address used for registration. | |
38 | # | |
39 | # Required | |
40 | # | |
41 | email = "<MY EMAIL ADDRESS>" | |
42 | ||
43 | # File or key used for certificates storage. | |
44 | # | |
45 | # Required | |
46 | # | |
47 | storage = "/etc/acme.json" | |
48 | # or `storage = "traefik/acme/account"` if using KV store. | |
49 | ||
50 | # Entrypoint to proxy acme apply certificates to. | |
51 | # WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443 | |
52 | # | |
53 | # Required | |
54 | # | |
55 | entryPoint = "https" | |
56 | ||
57 | # Domains list. | |
58 | # | |
59 | [[acme.domains]] | |
60 | main = "<MY DOMAIN>" | |
61 | ||
62 | # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge | |
63 | # | |
64 | # Optional but recommend | |
65 | # | |
66 | [acme.httpChallenge] | |
67 | ||
68 | # EntryPoint to use for the challenges. | |
69 | # | |
70 | # Required | |
71 | # | |
72 | entryPoint = "http" |