40 lines
1.8 KiB
YAML
40 lines
1.8 KiB
YAML
http:
|
|
middlewares:
|
|
crowdsec-bouncer:
|
|
forwardauth:
|
|
address: http://bouncer-traefik:8080/api/v1/forwardAuth
|
|
trustForwardHeader: true
|
|
# https://github.com/goauthentik/authentik/issues/2366
|
|
middlewares-authentik:
|
|
forwardAuth:
|
|
address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|
|
default-security-headers:
|
|
headers:
|
|
customBrowserXSSValue: 0 # X-XSS-Protection=1; mode=block
|
|
contentTypeNosniff: true # X-Content-Type-Options=nosniff
|
|
forceSTSHeader: true # Add the Strict-Transport-Security header even when the connection is HTTP
|
|
frameDeny: false # X-Frame-Options=deny
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
stsIncludeSubdomains: true # Add includeSubdomains to the Strict-Transport-Security header
|
|
stsPreload: true # Add preload flag appended to the Strict-Transport-Security header
|
|
stsSeconds: 3153600 # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)
|
|
contentSecurityPolicy: "default-src 'self'"
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: https
|
|
https-redirectscheme:
|
|
redirectScheme:
|
|
scheme: https
|
|
permanent: true |