1 # Uncomment this line in order to enable debugging through logs
3 defaultEntryPoints = ["http", "https"]
8 [entryPoints.http.redirect]
12 [entryPoints.https.tls]
13 MinVersion = "VersionTLS12"
19 PreferServerCipherSuites = true
21 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
22 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
23 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
24 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
25 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
26 "TLS_RSA_WITH_AES_256_GCM_SHA384",
27 "TLS_RSA_WITH_AES_256_CBC_SHA"
29 FrameDeny = false # here we don't want to deny frames since we have an embed
30 STSIncludeSubdomains = true
31 STSSeconds = 315360000
33 ContentTypeNosniff = true
34 BrowserXssFilter = true
37 # Enable ACME (Let's Encrypt): automatic SSL.
40 # Email address used for registration.
44 email = "<MY EMAIL ADDRESS>"
46 # File or key used for certificates storage.
50 storage = "/etc/acme.json"
51 # or `storage = "traefik/acme/account"` if using KV store.
53 # Entrypoint to proxy acme apply certificates to.
54 # WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
65 # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
67 # Optional but recommend
71 # EntryPoint to use for the challenges.