35 lines
1.1 KiB
TOML
35 lines
1.1 KiB
TOML
|
[tls.options]
|
||
|
[tls.options.tls12]
|
||
|
minVersion = "VersionTLS12"
|
||
|
cipherSuites = [
|
||
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||
|
"TLS_AES_256_GCM_SHA384",
|
||
|
"TLS_CHACHA20_POLY1305_SHA256",
|
||
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
|
||
|
]
|
||
|
curvePreferences = ["CurveP521","CurveP384", "CurveP256"]
|
||
|
|
||
|
[http]
|
||
|
[http.middlewares.hardening.headers]
|
||
|
browserXssFilter = true
|
||
|
contentTypeNosniff = true
|
||
|
forceSTSHeader = true
|
||
|
frameDeny = true
|
||
|
stsIncludeSubdomains = true
|
||
|
stsPreload = true
|
||
|
customFrameOptionsValue = "SAMEORIGIN"
|
||
|
referrerPolicy = "same-origin"
|
||
|
permissionsPolicy = "vibrate='self'"
|
||
|
stsSeconds = 315360000
|
||
|
|
||
|
[http.middlewares.compression.compress]
|
||
|
excludedContentTypes = ["text/event-stream"]
|
||
|
|
||
|
[http.middlewares.allowFrameAndCORS.headers]
|
||
|
contentSecurityPolicy = "frame-ancestors *"
|
||
|
accessControlAllowHeaders = ["*"]
|
||
|
accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
|
||
|
accessControlAllowOriginList = ["*"]
|
||
|
accessControlExposeHeaders = ["*"]
|