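# Uncomment the next line to enable debug-level logging.
# NOTE(review): debug logs are verbose and may include request details; keep
# this disabled outside of troubleshooting.
# debug = true

# Entry points used by frontends that do not name their own.
defaultEntryPoints = ["http", "https"]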
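[entryPoints]

# Plain HTTP listener on port 80. It serves no content of its own: requests
# are redirected to the "https" entry point.
[entryPoints.http]
address = ":80"

[entryPoints.http.redirect]
entryPoint = "https"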
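# TLS listener on port 443.
[entryPoints.https]
address = ":443"

[entryPoints.https.tls]
# Refuse handshakes below TLS 1.2.
MinVersion = "VersionTLS12"

# NOTE(review): confirm that the Traefik version in use reads
# CurvePreferences and PreferServerCipherSuites from this table. Keys it does
# not recognise may be dropped without an error, leaving the defaults in force.
CurvePreferences = [
    "CurveP521",
    "CurveP384",
    "CurveP256"
]
PreferServerCipherSuites = true

# Suites in order of preference.
# NOTE(review): the two TLS_RSA_* suites use static RSA key exchange and give
# no forward secrecy, and the *_CBC_SHA suites are legacy CBC/SHA-1
# constructions. Drop them unless a known client still depends on them.
# The ECDSA suite is only negotiated when the certificate has an ECDSA key.
CipherSuites = [
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA"
]

# NOTE(review): the keys below are HTTP response-header options, not TLS
# settings. In Traefik 1.x they are normally set per frontend (a frontend's
# headers section or the traefik.frontend.headers.* labels). Check that
# responses actually carry these headers; placed in this table they may have
# no effect.

# Frames are not denied because the site is embedded elsewhere. Without this
# header, limit who may embed the site with a Content-Security-Policy
# frame-ancestors directive.
FrameDeny = false # here we don't want to deny frames since we have an embed

# HSTS: 315360000 seconds is 3650 days (about 10 years). Combined with
# includeSubdomains and preload, this commits every subdomain to HTTPS and is
# slow to undo once browsers have cached or preloaded it.
STSIncludeSubdomains = true
STSSeconds = 315360000
STSPreload = true

ContentTypeNosniff = true
# The X-XSS-Protection header is ignored by current browsers; rely on a
# Content-Security-Policy for XSS mitigation.
BrowserXssFilter = true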
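# Enable ACME (Let's Encrypt): automatic TLS certificates.
[acme]

# Email address used for registration.
#
# Required
#
email = "<MY EMAIL ADDRESS>"

# File or key used for certificate storage.
#
# Required
#
# NOTE(review): this file holds the ACME account key and the private keys of
# the issued certificates. Keep it readable by the Traefik user only (mode
# 600) and out of version control and container images.
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.

# Entry point that the ACME certificates are applied to.
# WARNING: if the TLS-SNI-01 challenge is used, it must point to an entry
# point on port 443.
# NOTE(review): Let's Encrypt no longer offers TLS-SNI-01; this file selects
# the HTTP-01 challenge in [acme.httpChallenge].
#
# Required
#
entryPoint = "https"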
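# Domains list: one [[acme.domains]] entry per certificate, with `main` as
# the domain name to request.
#
[[acme.domains]]
main = "<MY DOMAIN>"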
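# Use an HTTP-01 ACME challenge rather than the TLS-SNI-01 challenge.
#
# Optional but recommended
#
[acme.httpChallenge]

# Entry point to use for the challenges.
# HTTP-01 validation requests arrive on port 80, so this must name the entry
# point listening there ("http" in this file), and that port must be
# reachable from the internet.
#
# Required
#
entryPoint = "http"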