# Uncomment this line in order to enable debugging through logs
# debug = true
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CurvePreferences = [
      "CurveP521",
      "CurveP384",
      "CurveP256"
    ]
    PreferServerCipherSuites = true
    CipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
      "TLS_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_RSA_WITH_AES_256_CBC_SHA"
    ]
    FrameDeny = false # here we don't want to deny frames since we have an embed
    STSIncludeSubdomains = true
    STSSeconds = 315360000
    STSPreload = true
    ContentTypeNosniff = true
    BrowserXssFilter = true


# Enable ACME (Let's Encrypt): automatic SSL.
[acme]

# File or key used for certificates storage.
#
# Required
#
storage = "/etc/acme.json"
# or `storage = "traefik/acme/account"` if using KV store.

# Entrypoint to proxy acme apply certificates to.
# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"

# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
#
# Optional but recommend
#
[acme.httpChallenge]

  # EntryPoint to use for the challenges.
  #
  # Required
  #
  entryPoint = "http"