From 3bcef708452149c86f8229499c788659b88dc2be Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Sun, 26 Mar 2023 11:44:14 -0700
Subject: [PATCH] Add lan-only middleware to traefik.jafner.chat
---
 .../config/traefik/config/middlewares.yaml | 26 +++++++++++++++++++
 .../config/traefik/config/tls.yaml | 4 +++
 .../config/traefik/config/traefik_api.yaml | 4 ++-
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 homelab/jafner-chat/config/traefik/config/middlewares.yaml
 create mode 100644 homelab/jafner-chat/config/traefik/config/tls.yaml
diff --git a/homelab/jafner-chat/config/traefik/config/middlewares.yaml b/homelab/jafner-chat/config/traefik/config/middlewares.yaml
new file mode 100644
index 00000000..9c62b3eb
--- /dev/null
+++ b/homelab/jafner-chat/config/traefik/config/middlewares.yaml
@@ -0,0 +1,26 @@
+http:
+ middlewares:
+ lan-only:
+ ipWhiteList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "192.168.1.1/24"
+ securityheaders:
+ headers:
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+ server: ""
+ sslProxyHeaders:
+ X-Forwarded-Proto: https
+ referrerPolicy: "same-origin"
+ hostsProxyHeaders:
+ - "X-Forwarded-Host"
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ X-Scheme: https
+ contentTypeNosniff: true
+ browserXssFilter: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsSeconds: 63072000
+ stsPreload: true
diff --git a/homelab/jafner-chat/config/traefik/config/tls.yaml b/homelab/jafner-chat/config/traefik/config/tls.yaml
new file mode 100644
index 00000000..17fc206d
--- /dev/null
+++ b/homelab/jafner-chat/config/traefik/config/tls.yaml
@@ -0,0 +1,4 @@
+tls:
+ options:
+ tls12:
+ minVersion: VersionTLS12
\ No newline at end of file
diff --git a/homelab/jafner-chat/config/traefik/config/traefik_api.yaml b/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
index 990e2198..f4cfdb3b 100644
--- a/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
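Review bot: The second `sourceRange` entry of `lan-only`, `"192.168.1.1/24"`, carries host bits; writing the network address, `- "192.168.1.0/24"`, makes the allowed range unambiguous to the next reader. `ipWhiteList` matches on the connection's remote address unless an `ipStrategy` is configured, so if forwarded traffic reaches this host with the gateway's address as its source (for example a router that source-NATs its port forwards), outside clients would fall inside this range; that depends on network setup not visible in the diff and is worth confirming. A comment above the middleware such as `# dashboard/API access: loopback and home LAN only` would record the intent.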
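Review bot: The `tls12` option set in tls.yaml is defined but nothing in this commit selects it; the `api` router's `tls` block in traefik_api.yaml lists only `certResolver`. Traefik applies a named TLS option only to routers that reference it, so either rename the key to `default` or add `options: "tls12@file"` under that router's `tls`. Unless a router outside this diff already references it, `minVersion: VersionTLS12` has no effect on traefik.jafner.chat.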
+++ b/homelab/jafner-chat/config/traefik/config/traefik_api.yaml
@@ -3,6 +3,8 @@ http:
 api:
 rule: "Host(`traefik.jafner.chat`)"
 entryPoints: "websecure"
+ middlewares:
+ - "lan-only@file"
 service: "api@internal"
 tls:
- certResolver: "lets-encrypt"
\ No newline at end of file
+ certResolver: "lets-encrypt"
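Review bot: With `middlewares: - "lan-only@file"` the source-IP filter is the only control shown in front of `api@internal` on the `websecure` entry point. Listing an authentication middleware (a `basicAuth` or forward-auth middleware defined next to `lan-only`) in the same sequence would keep the dashboard and API protected if the allow list ever matches more than intended. The `securityheaders` middleware added in middlewares.yaml is not attached here either, so its HSTS and nosniff headers are not sent for this router; add `- "securityheaders@file"` if that was the intent. The router definition starts above the hunk, so settings outside it are not visible.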