aboutsummaryrefslogtreecommitdiffhomepage
path: root/support/docker
diff options
context:
space:
mode:
authorRigel Kent <sendmemail@rigelk.eu>2018-06-02 13:41:38 +0200
committerRigel Kent <par@rigelk.eu>2018-06-04 23:14:26 +0200
commit1dd59831f80ff4d49f3b60c8c3b2aabfb1512eeb (patch)
treed09eceb04958ae8cc4989181ff2aefbaefdfc865 /support/docker
parent049539eb4cd0dc237ea7c491ecba43da990b04eb (diff)
downloadPeerTube-1dd59831f80ff4d49f3b60c8c3b2aabfb1512eeb.tar.gz
PeerTube-1dd59831f80ff4d49f3b60c8c3b2aabfb1512eeb.tar.zst
PeerTube-1dd59831f80ff4d49f3b60c8c3b2aabfb1512eeb.zip
(docker) making security settings of traefik on par with nginx
Diffstat (limited to 'support/docker')
-rw-r--r--support/docker/production/config/traefik.toml23
1 files changed, 23 insertions, 0 deletions
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
index 775a26515..882c95548 100644
--- a/support/docker/production/config/traefik.toml
+++ b/support/docker/production/config/traefik.toml
@@ -7,6 +7,29 @@ defaultEntryPoints = ["http", "https"]
7 [entryPoints.https] 7 [entryPoints.https]
8 address = ":443" 8 address = ":443"
9 [entryPoints.https.tls] 9 [entryPoints.https.tls]
10 MinVersion = "VersionTLS12"
11 CurvePreferences = [
12 "CurveP521",
13 "CurveP384",
14 "CurveP256"
15 ]
16 PreferServerCipherSuites = true
17 CipherSuites = [
18 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
19 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
20 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
21 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
22 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
23 "TLS_RSA_WITH_AES_256_GCM_SHA384",
24 "TLS_RSA_WITH_AES_256_CBC_SHA"
25 ]
26 FrameDeny = false # here we don't want to deny frames since we have an embed
27 STSIncludeSubdomains = true
28 STSSeconds = 315360000
29 STSPreload = true
30 ContentTypeNosniff = true
31 BrowserXssFilter = true
32
10 33
11# Enable ACME (Let's Encrypt): automatic SSL. 34# Enable ACME (Let's Encrypt): automatic SSL.
12[acme] 35[acme]