author | Rigel Kent <sendmemail@rigelk.eu> | 2018-06-02 13:41:38 +0200 |
---|---|---|
committer | Rigel Kent <par@rigelk.eu> | 2018-06-04 23:14:26 +0200 |
commit | 1dd59831f80ff4d49f3b60c8c3b2aabfb1512eeb (patch) | |
tree | d09eceb04958ae8cc4989181ff2aefbaefdfc865 /support/docker | |
parent | 049539eb4cd0dc237ea7c491ecba43da990b04eb (diff) | |
(docker) making security settings of traefik on par with nginx
Diffstat (limited to 'support/docker')
-rw-r--r-- | support/docker/production/config/traefik.toml | 23 |
1 files changed, 23 insertions, 0 deletions
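--- a/support/docker/production/config/traefik.toml
+++ b/support/docker/production/config/traefik.toml
@@ -7,6 +7,29 @@ defaultEntryPoints = ["http", "https"]
 [entryPoints.https]
 address = ":443"
 [entryPoints.https.tls]
+MinVersion = "VersionTLS12"
+CurvePreferences = [
+"CurveP521",
+"CurveP384",
+"CurveP256"
+]
+PreferServerCipherSuites = true
+CipherSuites = [
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_RSA_WITH_AES_256_CBC_SHA"
+]
+FrameDeny = false # here we don't want to deny frames since we have an embed
+STSIncludeSubdomains = true
+STSSeconds = 315360000
+STSPreload = true
+ContentTypeNosniff = true
+BrowserXssFilter = true
+
 
 # Enable ACME (Let's Encrypt): automatic SSL.
 [acme]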
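Review bot: The six header keys at the end of the added block (`FrameDeny` through `BrowserXssFilter`) follow the `[entryPoints.https.tls]` header, so TOML assigns them to the TLS table; as far as I know Traefik 1.x reads security headers from frontend configuration rather than from an entry point's TLS options, so HSTS and nosniff are probably never sent. I would move them to the frontend, for the Docker provider as labels such as `traefik.frontend.headers.STSSeconds=315360000`, and confirm the result by checking a served response for `Strict-Transport-Security`. `CurvePreferences` and `PreferServerCipherSuites` should be checked against the deployed Traefik version for the same reason, since unrecognised keys appear to be ignored without an error. Separately, `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_256_CBC_SHA` use static RSA key exchange with no forward secrecy, and `STSPreload = true` together with `STSIncludeSubdomains` in a shipped default commits every deployer's whole domain to HTTPS for ten years; both deserve either removal or a comment explaining the trade-off.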