infra-oasis21/traefik/traefik_dynamic.toml

[tls.options]
  [tls.options.tls12]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_AES_256_GCM_SHA384",
      "TLS_CHACHA20_POLY1305_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ]
    curvePreferences = ["CurveP521","CurveP384", "CurveP256"]

[http]
  [http.middlewares.hardening.headers]
    browserXssFilter = true
    contentTypeNosniff = true
    forceSTSHeader = true
    frameDeny = true
    stsIncludeSubdomains = true
    stsPreload = true
    customFrameOptionsValue = "ALLOW-FROM https://odoo.cooperative-oasis.org https://cloud.oasis21.org"
    referrerPolicy = "same-origin"
    permissionsPolicy = "vibrate='self'"
    stsSeconds = 315360000

  [http.middlewares.compression.compress]
    excludedContentTypes = ["text/event-stream"]

  [http.middlewares.allowFrameAndCORS.headers]
    customFrameOptionsValue = "ALLOW-FROM https://code.oasis21.org https://odoo.cooperative-oasis.org"
    contentSecurityPolicy = "frame-ancestors * cloud.oasis21.org https://odoo.cooperative-oasis.org"
    accessControlAllowHeaders = ["*"]
    accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
    accessControlAllowOriginList = ["*"]
    accessControlExposeHeaders = ["*"]

  [http.routers]
    [http.routers.coopoasis]
      entrypoints = "websecure"
      rule = "Host(`odoo.cooperative-oasis.org`) || Host(`pad.cooperative-oasis.org`) || Host(`test-odoo.cooperative-oasis.org`)"
      service = "coopoasis"

  [http.services]
    [http.services.coopoasis.loadBalancer]
      [[http.services.coopoasis.loadBalancer.servers]]
        url = "http://172.16.7.12/"