Jafner.net/homelab/stacks/traefik/config/config_addons.yaml

http:
  middlewares:
    lan-only:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.1.1/24"
    simple-auth:
      basicAuth:
        usersFile: "/.htpasswd"
    securityheaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: "same-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
          X-Scheme: https
        contentTypeNosniff: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true
    pihole:
      addprefix:
        prefix: "/admin"
    traefik-forward-auth:
      forwardauth:
        address: http://forwardauth:4181
        trustForwardHeader: true
        authResponseHeaders:
          - X-Forwarded-User
    traefik-forward-auth-privileged:
      forwardauth:
        address: http://forwardauth-privileged:4181
        trustForwardHeader: true
        authResponseHeaders:
          - X-Forwarded-User
    nextcloud-headers:
      headers:
        accessControlMaxAge: 100
        sslRedirect: true
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr.
        contentTypeNosniff: true
        browserXssFilter: true
        sslForceHost: true 
        sslHost: "nextcloud.jafner.net"
        referrerPolicy: "no-referrer"
        #contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "noindex, nofollow"
          server: ""
    nextcloud-redirect:
      redirectRegex:
        permanent: true
        regex: "https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"
    keycloak:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "noindex, nofollow"
        referrerPolicy: "same-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
          X-Scheme: https

  serversTransports:
    insecureskipverify:
      insecureSkipVerify: true
#14 Create Traefik stack 2024-10-22 19:35:09 -07:00			`http:`
			`middlewares:`
			`lan-only:`
			`ipWhiteList:`
			`sourceRange:`
			`- "127.0.0.1/32"`
			`- "192.168.1.1/24"`
			`simple-auth:`
			`basicAuth:`
			`usersFile: "/.htpasswd"`
			`securityheaders:`
			`headers:`
			`customResponseHeaders:`
			`X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"`
			`server: ""`
			`sslProxyHeaders:`
			`X-Forwarded-Proto: https`
			`referrerPolicy: "same-origin"`
			`hostsProxyHeaders:`
			`- "X-Forwarded-Host"`
			`customRequestHeaders:`
			`X-Forwarded-Proto: "https"`
			`X-Scheme: https`
			`contentTypeNosniff: true`
			`browserXssFilter: true`
			`forceSTSHeader: true`
			`stsIncludeSubdomains: true`
			`stsSeconds: 63072000`
			`stsPreload: true`
			`pihole:`
			`addprefix:`
			`prefix: "/admin"`
			`traefik-forward-auth:`
			`forwardauth:`
			`address: http://forwardauth:4181`
			`trustForwardHeader: true`
			`authResponseHeaders:`
			`- X-Forwarded-User`
			`traefik-forward-auth-privileged:`
			`forwardauth:`
			`address: http://forwardauth-privileged:4181`
			`trustForwardHeader: true`
			`authResponseHeaders:`
			`- X-Forwarded-User`
			`nextcloud-headers:`
			`headers:`
			`accessControlMaxAge: 100`
			`sslRedirect: true`
			`stsSeconds: 63072000`
			`stsIncludeSubdomains: true`
			`stsPreload: true`
			`forceSTSHeader: true`
			`customFrameOptionsValue: "SAMEORIGIN" #CSP takes care of this but may be needed for organizr.`
			`contentTypeNosniff: true`
			`browserXssFilter: true`
			`sslForceHost: true`
			`sslHost: "nextcloud.jafner.net"`
			`referrerPolicy: "no-referrer"`
			`#contentSecurityPolicy: "frame-ancestors '.example.com:';object-src 'none';script-src 'none';"`
			`featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"`
			`customResponseHeaders:`
			`X-Robots-Tag: "noindex, nofollow"`
			`server: ""`
			`nextcloud-redirect:`
			`redirectRegex:`
			`permanent: true`
			`regex: "https://(.*)/.well-known/(card\|cal)dav"`
			`replacement: "https://${1}/remote.php/dav/"`
			`keycloak:`
			`headers:`
			`customResponseHeaders:`
			`X-Robots-Tag: "noindex, nofollow"`
			`referrerPolicy: "same-origin"`
			`hostsProxyHeaders:`
			`- "X-Forwarded-Host"`
			`customRequestHeaders:`
			`X-Forwarded-Proto: "https"`
			`X-Scheme: https`

			`serversTransports:`
			`insecureskipverify:`
			`insecureSkipVerify: true`