41 lines
1.3 KiB
TOML
41 lines
1.3 KiB
TOML
[tls]
|
|
[tls.options]
|
|
[tls.options.default]
|
|
minVersion = "VersionTLS12"
|
|
sniStrict = true
|
|
cipherSuites = [
|
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
|
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
|
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
|
"TLS_AES_128_GCM_SHA256",
|
|
"TLS_AES_256_GCM_SHA384",
|
|
"TLS_CHACHA20_POLY1305_SHA256"
|
|
]
|
|
curvePreferences = ["CurveP521","CurveP384"]
|
|
|
|
[http]
|
|
[http.middlewares.compression.compress]
|
|
excludedContentTypes = ["text/event-stream"]
|
|
|
|
[http.middlewares.https-redirect.redirectScheme]
|
|
scheme = "https"
|
|
permanent = true
|
|
|
|
[http.middlewares.security.headers]
|
|
accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
|
|
accessControlAllowOrigin = "origin-list-or-null"
|
|
accessControlMaxAge = 100
|
|
addVaryHeader = true
|
|
browserXssFilter = true
|
|
contentTypeNosniff = true
|
|
forceSTSHeader = true
|
|
frameDeny = true
|
|
stsIncludeSubdomains = true
|
|
stsPreload = true
|
|
customFrameOptionsValue = "SAMEORIGIN"
|
|
referrerPolicy = "same-origin"
|
|
featurePolicy = "vibrate 'self'"
|
|
stsSeconds = 315360000
|