[github/Chocobozzz/PeerTube.git] / support / docker / production / config / traefik.toml

# Uncomment this line in order to enable debugging through logs
# debug = true
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CurvePreferences = [
      "CurveP521",
      "CurveP384",
      "CurveP256"
    ]
    PreferServerCipherSuites = true
    CipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
      "TLS_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_RSA_WITH_AES_256_CBC_SHA"
    ]
    FrameDeny = false # here we don't want to deny frames since we have an embed
    STSIncludeSubdomains = true
    STSSeconds = 315360000
    STSPreload = true
    ContentTypeNosniff = true
    BrowserXssFilter = true


# Enable ACME (Let's Encrypt): automatic SSL.
[acme]

# Email address used for registration.
#
# Required
#
email = "<MY EMAIL ADDRESS>"

# File or key used for certificates storage.
#
# Required
#
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.

# Entrypoint to proxy acme apply certificates to.
# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"

# Domains list.
#
[[acme.domains]]
  main = "<MY DOMAIN>"

# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#
# Optional but recommend
#
[acme.httpChallenge]

  # EntryPoint to use for the challenges.
  #
  # Required
  #
  entryPoint = "http"
Commit	Line	Data
b44a9630 C	1	# Uncomment this line in order to enable debugging through logs
	2	# debug = true
	3	defaultEntryPoints = ["http", "https"]
	4	[entryPoints]
	5	[entryPoints.http]
	6	address = ":80"
	7	[entryPoints.https]
	8	address = ":443"
	9	[entryPoints.https.tls]
1dd59831 RK	10	MinVersion = "VersionTLS12"
	11	CurvePreferences = [
	12	"CurveP521",
	13	"CurveP384",
	14	"CurveP256"
	15	]
	16	PreferServerCipherSuites = true
	17	CipherSuites = [
	18	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	19	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	20	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	21	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	22	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	23	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	24	"TLS_RSA_WITH_AES_256_CBC_SHA"
	25	]
	26	FrameDeny = false # here we don't want to deny frames since we have an embed
	27	STSIncludeSubdomains = true
	28	STSSeconds = 315360000
	29	STSPreload = true
	30	ContentTypeNosniff = true
	31	BrowserXssFilter = true
	32
b44a9630 C	33
	34	# Enable ACME (Let's Encrypt): automatic SSL.
	35	[acme]
	36
	37	# Email address used for registration.
	38	#
	39	# Required
	40	#
	41	email = "<MY EMAIL ADDRESS>"
	42
	43	# File or key used for certificates storage.
	44	#
	45	# Required
	46	#
	47	storage = "/etc/acme.json"
	48	# or `storage = "traefik/acme/account"` if using KV store.
	49
	50	# Entrypoint to proxy acme apply certificates to.
	51	# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
	52	#
	53	# Required
	54	#
	55	entryPoint = "https"
	56
	57	# Domains list.
	58	#
	59	[[acme.domains]]
	60	main = "<MY DOMAIN>"
	61
	62	# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
	63	#
	64	# Optional but recommend
	65	#
	66	[acme.httpChallenge]
	67
	68	# EntryPoint to use for the challenges.
	69	#
	70	# Required
	71	#
	72	entryPoint = "http"