55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
---
|
|
# Traefik dynamic middleware configuration
|
|
# Managed by homelab-registry-mcp write path
|
|
# Source of truth: nodes/heimdall/core/traefik/dynamic/
|
|
# Do not edit /mnt/appdata/traefik/dynamic/ directly
|
|
|
|
http:
|
|
middlewares:
|
|
|
|
security-headers:
|
|
headers:
|
|
stsSeconds: 63072000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
frameDeny: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "same-origin"
|
|
|
|
ratelimit-basic:
|
|
rateLimit:
|
|
average: 50
|
|
burst: 100
|
|
|
|
dashboard-auth:
|
|
basicAuth:
|
|
users:
|
|
- "chester:$2y$05$li5tJ0g9IN.QCfX1Q/QJu.ygbpuVQQmnEe1.jFdfFg9R8OvZiMNEi"
|
|
|
|
https-redirect:
|
|
redirectScheme:
|
|
scheme: https
|
|
permanent: true
|
|
|
|
dashboard-slash:
|
|
redirectregex:
|
|
regex: ^/dashboard$
|
|
replacement: /dashboard/
|
|
permanent: true
|
|
|
|
authentik-auth:
|
|
forwardAuth:
|
|
# If your Authentik container is on the same network as Traefik,
|
|
# use the container name. Otherwise, use the internal IP.
|
|
address: "http://10.0.0.151:9000/outpost.goauthentik.io/auth/traefik"
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
|