homelab/ansible/archive/outputs/heimdall-baseline-20260312T214117/traefik_configs/middleware.yml

http:
  middlewares:
    # Security headers
    security-headers:
      headers:
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        frameDeny: true
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"

    # Rate limiting
    ratelimit-basic:
      rateLimit:
        average: 50
        burst: 100

    # Basic auth for dashboard
    dashboard-auth:
      basicAuth:
        users:
          - "chester:$apr1$hrRDQ/tR$ZwyxHOCDZjm/55GAs5/Ew1"

    # HTTPS redirect
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

    # Dashboard slash redirect
    dashboard-slash:
      redirectregex:
        regex: ^/dashboard$
        replacement: /dashboard/
        permanent: true