- 1 (ingressroutes):
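---
# Routers and services for the Traefik dashboard and the backend API
# (dynamic configuration, loaded by the file provider).
http:
  routers:
    # Traefik dashboard router. api@internal exposes the dashboard and the
    # API, so it is restricted by source address as well as by credentials.
    dashboard:
      entryPoints:
        - websecure
      rule: "Host(`traefik.example.com`)"
      service: api@internal
      middlewares:
        # Middlewares run in the order listed: reject addresses outside the
        # allow list first, then ask for basic-auth credentials.
        # dashboard-ipAllowList is defined in the middlewares file; check its
        # sourceRange (and any proxy in front of Traefik) before relying on
        # it, otherwise administrators can be locked out.
        - dashboard-ipAllowList@file
        - dashboard-auth@file
      tls:
        certResolver: letsencrypt

    # Backend API router.
    backend-api:
      entryPoints:
        - websecure
      rule: "Host(`backend.hackalyst.com`)"
      service: backend-svc
      middlewares:
        - rate-limit@file
        - secure-headers@file
      tls:
        certResolver: letsencrypt

  services:
    # Backend service. TLS terminates at Traefik; the hop to the backend is
    # plain HTTP, so it should stay on a private network.
    backend-svc:
      loadBalancer:
        servers:
          - url: "http://hackalyst-backend:3000"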
- 2 (middlewares):
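---
# Middleware definitions (dynamic configuration, loaded by the file provider).
http:
  middlewares:
    # Basic authentication for the Traefik dashboard.
    dashboard-auth:
      basicAuth:
        users:
          # Each entry must be an htpasswd-style "user:hashed-password" line.
          # NOTE(review): Traefik does not expand shell-style ${VAR}
          # references in this file. Unless something renders the file
          # before Traefik reads it, the literal string below is used and no
          # login will match. Render it at deploy time, use the file
          # provider's Go templating, or point basicAuth.usersFile at a
          # mounted secret. Never commit the real hash.
          - "${TRAEFIK_DASHBOARD_CRED}"

    # Development-only redirect from http://localhost to https://localhost.
    dev-redirects:
      redirectRegex:
        regex: "^http://localhost/(.*)"
        replacement: "https://localhost/$1"
        permanent: true

    # Source-address allow list for dashboard access. It only takes effect
    # on routers that list dashboard-ipAllowList@file in their middlewares.
    dashboard-ipAllowList:
      ipAllowList:
        sourceRange:
          # Private ranges (adjust as needed). These three blocks cover all
          # RFC 1918 space, so every host or container on those networks
          # passes; narrow them to the actual admin subnet where possible.
          - "10.0.0.0/8"
          - "172.16.0.0/12"
          - "192.168.0.0/16"
          # Admin IPs. 203.0.113.1 is in a documentation-only range and
          # matches no real host; replace it with a real admin address.
          # NOTE(review): if Traefik sits behind another proxy or load
          # balancer, the address it sees is the proxy's; confirm
          # ipStrategy before relying on this list.
          - "203.0.113.1/32"
          - "70.49.131.141/32"

    # Rate limiting: 100 requests per minute on average, bursts of up to 50.
    rate-limit:
      rateLimit:
        average: 100
        burst: 50
        period: 1m

    # Security response headers.
    secure-headers:
      headers:
        # sslRedirect was dropped here: the option is deprecated in Traefik
        # v2 and no longer accepted in v3, and this middleware is only
        # attached to a router on the websecure entry point. Do the
        # HTTP-to-HTTPS redirect on the entry point or with redirectScheme.
        browserXssFilter: true
        contentTypeNosniff: true
        # HSTS for one year, subdomains included. Preload is hard to undo
        # and commits every subdomain to HTTPS; confirm that is intended.
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        # X-Frame-Options. The original also set frameDeny: true, but
        # customFrameOptionsValue overrides it, so SAMEORIGIN is what was
        # sent. Use frameDeny alone if DENY is wanted.
        customFrameOptionsValue: "SAMEORIGIN"
        customRequestHeaders:
          X-Forwarded-Proto: "https"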
- 3 (tls):
---
# TLS options applied to connections terminated by Traefik.
tls:
  options:
    default:
      # Refuse anything older than TLS 1.2.
      minVersion: "VersionTLS12"
      # Reject handshakes whose SNI matches no configured certificate.
      sniStrict: true
      # AEAD suites with forward secrecy. This list applies to TLS 1.2;
      # TLS 1.3 suites are not configurable in Traefik.
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"

  # Development uses auto-generated certificates, so the default certificate
  # store stays commented out until the files below actually exist.
  # stores:
  #   default:
  #     defaultCertificate:
  #       certFile: /etc/traefik/certs/cert.pem
  #       keyFile: /etc/traefik/certs/key.pem

# Certificate resolver configuration lives in the main traefik.yml.