haiku-atelier-2024/containers/conf/traefik/dynamic/general.yaml

---
# yaml-language-server: $schema=https://www.schemastore.org/traefik-v3.json

http:
  middlewares:
    compression:
      compress:
        excludedContentTypes:
          - text/event-stream

    security:
      headers:
        accessControlAllowCredentials: true
        accessControlAllowHeaders: "content-type"
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - POST
          - PUT
        accessControlAllowOriginListRegex: "https://.*\\.gcch\\.local(.*)"
        accessControlMaxAge: 100
        addVaryHeader: true
        browserXssFilter: true
        contentTypeNosniff: true
        customFrameOptionsValue: SAMEORIGIN
        featurePolicy: "camera 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'; vibrate 'self';"
        forceSTSHeader: false
        frameDeny: true
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        isDevelopment: true
        referrerPolicy: "origin"
        stsPreload: true
        stsSeconds: 315360000

tls:
  options:
    default:
      alpnProtocols:
        - h2
        - http/1.1
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      minVersion: VersionTLS12
      sniStrict: true

    mintls13:
      minVersion: VersionTLS13