docker-compose/proxy/dynamic/security.yaml
Sebastian Krüger d3850e559a refactor: use inline basicauth for Traefik dashboard
Changed dashboard authentication to use inline basicauth like Scrapy instead of an external .htpasswd file:

**Changes:**
- Updated proxy labels to use basicauth.users=${PROXY_AUTH_USERS}
- Removed .htpasswd file and auth directory
- Removed dashboard-auth middleware from security.yaml
- Removed .htpasswd volume mount from compose.yaml

**Benefits:**
- Consistent with Scrapy authentication pattern
- Simpler configuration (no external files)
- Auth credentials managed centrally via .env

Dashboard accessible at: https://proxy.pivoine.art
Credentials: valknar / ragnarok98 (via PROXY_AUTH_USERS)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-06 08:35:43 +01:00
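A small lint to run over a PROXY_AUTH_USERS value before it goes into .env, added here as an example (it is not code from this repository or from Traefik). It assumes Traefik's basicAuth `users` syntax (comma-separated htpasswd entries whose password field is a bcrypt `$2y$`, Apache `$apr1$` MD5 or `{SHA}` hash), that Compose v2 interpolates `$` in unquoted .env values and in labels, and that a value injected through `${PROXY_AUTH_USERS}` as the commit describes is used verbatim. Every user, password and helper name below is constructed for the example.

```python
"""Lint a Traefik basicAuth `users` value (the shape PROXY_AUTH_USERS carries).

Added example, not part of the repository. Traefik's basicAuth middleware
only authenticates against htpasswd-style hashes; a plain `user:password`
entry loads without error but never matches a login.
"""
import base64
import hashlib
import hmac

# Hash prefixes Traefik's basicAuth accepts (htpasswd-compatible).
KNOWN_HASH_PREFIXES = ("$2y$", "$2a$", "$2b$", "$apr1$", "{SHA}")


def parse_users(value: str) -> list:
    """Split 'user:hash,user:hash' (Traefik's users syntax) into (user, hash) pairs."""
    entries = []
    for raw in value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        user, sep, pw_hash = raw.partition(":")
        if not sep or not user or not pw_hash:
            raise ValueError(f"malformed users entry: {raw!r}")
        entries.append((user, pw_hash))
    return entries


def plaintext_users(value: str) -> list:
    """Users whose password field carries no recognised hash prefix: they can never log in."""
    return [user for user, pw_hash in parse_users(value)
            if not pw_hash.startswith(KNOWN_HASH_PREFIXES)]


def sha1_entry(user: str, password: str) -> str:
    """Build an htpasswd '{SHA}' entry (what `htpasswd -s` produces).

    Unsalted SHA-1 is used here only because it needs no third-party
    library; prefer bcrypt (`htpasswd -B`) for a real deployment.
    """
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def verify_sha1(value: str, user: str, password: str) -> bool:
    """Check a login against the {SHA} entries in `value` (constant-time compare)."""
    expected = sha1_entry(user, password).partition(":")[2]
    for entry_user, pw_hash in parse_users(value):
        if entry_user == user and pw_hash.startswith("{SHA}"):
            return hmac.compare_digest(pw_hash, expected)
    return False


def compose_label_value(value: str) -> str:
    """Form needed when a hash is written directly into a compose label
    instead of via ${PROXY_AUTH_USERS}: Compose interpolates `$`, so double it."""
    return value.replace("$", "$$")


def env_file_line(name: str, value: str) -> str:
    """Single-quoted .env line: Compose v2 interpolates unquoted and
    double-quoted .env values, which would mangle `$2y$05$...`."""
    return f"{name}='{value}'"


if __name__ == "__main__":
    # Constructed sample: one plaintext entry, one hashed entry.
    sample = "alice:s3cret," + sha1_entry("carol", "hunter2")
    print("never able to log in:", plaintext_users(sample))  # ['alice']
    print(env_file_line("PROXY_AUTH_USERS", "bob:$2y$05$abc"))
```

Run it against the real value (`python3 lint_users.py` with the functions called on the contents of the .env line) before restarting the proxy: a dashboard that rejects every login looks identical to a dashboard with a wrong password, and the plaintext check catches the common cause.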

62 lines
1.7 KiB
YAML

tls:
  options:
    default:
      minVersion: VersionTLS12
      # Applies to TLS 1.2 only: Go, and therefore Traefik, does not let TLS 1.3
      # suites be configured, so the three TLS_AES_*/TLS_CHACHA20_* entries below
      # are ignored and every TLS 1.3 suite stays enabled.
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      # X25519 is deliberately absent here; clients that prefer it fall back to P-384/P-521
      curvePreferences:
        - CurveP521
        - CurveP384
      # Reject handshakes whose SNI matches no configured certificate
      # (the default certificate is not served to them)
      sniStrict: true

http:
  middlewares:
    # Security Headers Middleware
    security-headers:
      headers:
        # HSTS (HTTP Strict Transport Security): one year, subdomains included.
        # stsPreload only takes effect once the domain is submitted to hstspreload.org.
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true
        # Send the STS header even on responses that did not arrive over TLS
        forceSTSHeader: true
        # Clickjacking protection (X-Frame-Options)
        customFrameOptionsValue: "SAMEORIGIN"
        # Legacy X-XSS-Protection header; current browsers ignore it
        browserXssFilter: true
        # X-Content-Type-Options: nosniff
        contentTypeNosniff: true
        # Referrer Policy
        referrerPolicy: "strict-origin-when-cross-origin"
        customResponseHeaders:
          # Keep the proxied services out of search engine indexes
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          # Permissions Policy (formerly Feature Policy)
          Permissions-Policy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()"
          # Redundant with contentTypeNosniff and customFrameOptionsValue above
          X-Content-Type-Options: "nosniff"
          X-Frame-Options: "SAMEORIGIN"

    # Rate Limiting Middleware (optional, can be applied per service).
    # average/period is the sustained rate (100 req/s); burst is the bucket size,
    # so at most 50 requests are accepted back-to-back before the limiter bites.
    # Buckets are kept per client IP unless sourceCriterion says otherwise.
    rate-limit:
      rateLimit:
        average: 100
        burst: 50
        period: 1s

    # Rate Limiting for API endpoints (stricter: 30 req/s sustained, 15 at once)
    api-rate-limit:
      rateLimit:
        average: 30
        burst: 15
        period: 1s
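To make `average`, `burst` and `period` concrete for both `rate-limit` and `api-rate-limit`, here is an added token-bucket model of the rateLimit middleware (example code, not Traefik's implementation). It assumes Traefik's limiter behaves like golang.org/x/time/rate: tokens refill at average/period per second into a bucket holding at most `burst` tokens, one request costs one token, and the bucket is keyed per source IP by default. The arrival timings are constructed; `period` is given in seconds rather than Traefik's `1s` duration syntax.

```python
"""Token-bucket model of Traefik's rateLimit middleware (added example).

Assumption: Traefik's limiter follows golang.org/x/time/rate semantics,
refilling at average/period tokens per second into a bucket of size
`burst`; a request is accepted only if a whole token is available.
Fractions keep the arithmetic exact so the results are reproducible.
"""
from fractions import Fraction


class TokenBucket:
    def __init__(self, average: int, burst: int, period_seconds=1):
        # `average` requests per `period` -> tokens per second
        self.rate = Fraction(average) / Fraction(period_seconds)
        self.burst = Fraction(burst)
        self.tokens = self.burst          # bucket starts full
        self.last = Fraction(0)

    def allow(self, now) -> bool:
        """Refill for the time elapsed since the last call, then try to take one token."""
        now = Fraction(now)
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def accepted(average: int, burst: int, arrivals, period_seconds=1) -> int:
    """Requests from one client (one bucket, i.e. one source IP) that get through,
    given their arrival times in seconds."""
    bucket = TokenBucket(average, burst, period_seconds)
    return sum(bucket.allow(t) for t in arrivals)


def evenly_spaced(requests_per_second: int, seconds: int = 1):
    """Arrival times for a client sending at a constant rate."""
    return [Fraction(k, requests_per_second)
            for k in range(requests_per_second * seconds)]


if __name__ == "__main__":
    # security.yaml `rate-limit`: average 100, burst 50, period 1s
    print(accepted(100, 50, [0] * 120))           # 50: burst caps the instantaneous spike
    print(accepted(100, 50, evenly_spaced(100)))  # 100: sustained rate within budget
    print(accepted(100, 50, evenly_spaced(200)))  # 149: bucket drains, then every other one
    # security.yaml `api-rate-limit`: average 30, burst 15
    print(accepted(30, 15, [0] * 40))             # 15
    # Traefik's default burst is 1: two simultaneous requests already trip it
    print(accepted(100, 1, [0, 0]))               # 1
```

The third case is the one worth remembering when tuning these values: a client sending at twice the sustained rate is not cut to exactly 100 req/s, it first spends the 50-token burst and then settles at the refill rate, so the rejected count over a second is 51, not 100.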