From a293f78f15dfb836ce8bdd89277921f8bb066144 Mon Sep 17 00:00:00 2001 From: Colin Hebert Date: Sun, 1 Jan 2023 14:29:35 +0100 Subject: [PATCH] Set HSTS by default --- services/traefik/configs/traefik.yml | 2 ++ services/traefik/volumes/config/hsts.yml | 9 +++++++++ services/traefik/volumes/config/{tls.yaml => tls.yml} | 0 3 files changed, 11 insertions(+) create mode 100644 services/traefik/volumes/config/hsts.yml rename services/traefik/volumes/config/{tls.yaml => tls.yml} (100%) diff --git a/services/traefik/configs/traefik.yml b/services/traefik/configs/traefik.yml index 76410b2..05c58fa 100644 --- a/services/traefik/configs/traefik.yml +++ b/services/traefik/configs/traefik.yml @@ -25,6 +25,8 @@ entryPoints: address: :443 http: tls: {} + middlewares: + - hsts@file global: sendAnonymousUsage: false diff --git a/services/traefik/volumes/config/hsts.yml b/services/traefik/volumes/config/hsts.yml new file mode 100644 index 0000000..afafc09 --- /dev/null +++ b/services/traefik/volumes/config/hsts.yml @@ -0,0 +1,9 @@ +http: + middlewares: + hsts: + headers: + frameDeny: true + browserXssFilter: true + stsSeconds: 31536000 # 1 year + stsPreload: true + stsIncludeSubdomains: true \ No newline at end of file diff --git a/services/traefik/volumes/config/tls.yaml b/services/traefik/volumes/config/tls.yml similarity index 100% rename from services/traefik/volumes/config/tls.yaml rename to services/traefik/volumes/config/tls.yml