chore: upgrade reverseproxy role for use with vagrant and ssl

2025-11-07 11:52:41 +01:00 · 2025-11-07 11:52:41 +01:00 · 9e7b2b3b84
commit 9e7b2b3b84
parent a4aa64777e
7 changed files with 177 additions and 104 deletions
--- a/roles/reverseproxy/templates/middlewares.yml.j2
+++ b/roles/reverseproxy/templates/middlewares.yml.j2
@ -1,47 +1,11 @@
-{% if enable_dashboard %}
-api:
-  dashboard: true
-  insecure: true
-{% endif %}
-
-{% if enable_access_logs %}
-accessLog:
-  format: {{ access_log_format }}
-{% endif %}
-
-entryPoints:
-  web:
-    address: ":80"
-{% if use_ssl %}
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-{% endif %}
-  websecure:
-    address: ":443"
-
-providers:
-{% if use_static_services | default(false) %}
-  file:
-    filename: /etc/traefik/services.yml
-    watch: true
-{% endif %}
-{% if use_docker_provider | default(true) %}
-  docker:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-{% endif %}
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: admin@digitalboard.ch
-      storage: /letsencrypt/acme.json
-      httpChallenge:
-        entryPoint: web
-
-global:
-  checkNewVersion: false
-  sendAnonymousUsage: false
+http:
+  middlewares:
+    secure-headers:
+      headers:
+        frameDeny: true
+        contentTypeNosniff: true
+        browserXssFilter: true
+        forceSTSHeader: true
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true