123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- # Uncomment this line in order to enable debugging through logs
- # debug = true
- defaultEntryPoints = ["http", "https"]
- [entryPoints]
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
- [entryPoints.https]
- address = ":443"
- [entryPoints.https.tls]
- MinVersion = "VersionTLS12"
- CurvePreferences = [
- "CurveP521",
- "CurveP384",
- "CurveP256"
- ]
- PreferServerCipherSuites = true
- CipherSuites = [
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
- "TLS_RSA_WITH_AES_256_GCM_SHA384",
- "TLS_RSA_WITH_AES_256_CBC_SHA"
- ]
- FrameDeny = false # here we don't want to deny frames since we have an embed
- STSIncludeSubdomains = true
- STSSeconds = 315360000
- STSPreload = true
- ContentTypeNosniff = true
- BrowserXssFilter = true
- # Enable ACME (Let's Encrypt): automatic SSL.
- [acme]
- # Email address used for registration.
- #
- # Required
- #
- email = "<MY EMAIL ADDRESS>"
- # File or key used for certificates storage.
- #
- # Required
- #
- storage = "/etc/acme.json"
- # or `storage = "traefik/acme/account"` if using KV store.
- # Entrypoint to proxy acme apply certificates to.
- # WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
- #
- # Required
- #
- entryPoint = "https"
- # Domains list.
- #
- [[acme.domains]]
- main = "<MY DOMAIN>"
- # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
- #
- # Optional but recommend
- #
- [acme.httpChallenge]
- # EntryPoint to use for the challenges.
- #
- # Required
- #
- entryPoint = "http"
|