Add lan-only middleware to traefik.jafner.chat

2023-03-26 11:44:14 -07:00 · 2023-03-26 11:44:14 -07:00 · 3bcef70845
commit 3bcef70845
parent 9ae6e8c160
3 changed files with 33 additions and 1 deletions
--- a/homelab/jafner-chat/config/traefik/config/middlewares.yaml
+++ b/homelab/jafner-chat/config/traefik/config/middlewares.yaml
@ -0,0 +1,26 @@
+http:
+  middlewares:
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.1/24"
+    securityheaders:
+      headers:
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+          server: ""
+        sslProxyHeaders:
+          X-Forwarded-Proto: https
+        referrerPolicy: "same-origin"
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        customRequestHeaders:
+          X-Forwarded-Proto: "https"
+          X-Scheme: https
+        contentTypeNosniff: true
+        browserXssFilter: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsSeconds: 63072000
+        stsPreload: true
--- a/homelab/jafner-chat/config/traefik/config/tls.yaml
+++ b/homelab/jafner-chat/config/traefik/config/tls.yaml
@ -0,0 +1,4 @@
+tls:
+  options:
+    tls12:
+      minVersion: VersionTLS12
--- a/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
+++ b/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
@ -3,6 +3,8 @@ http:
    api:
      rule: "Host(`traefik.jafner.chat`)"
      entryPoints: "websecure"
+      middlewares: 
+       - "lan-only@file"
      service: "api@internal"
      tls:
-        certResolver: "lets-encrypt"
+        certResolver: "lets-encrypt"