http: middlewares: redirect-to-https: redirectScheme: scheme: https permanent: true hsts-minimal: headers: stsSeconds: 31536000 stsIncludeSubdomains: false stsPreload: false forceSTSHeader: true hsts-standard: headers: stsSeconds: 31536000 stsIncludeSubdomains: true stsPreload: false forceSTSHeader: true hsts-full: headers: stsSeconds: 31536000 stsIncludeSubdomains: true stsPreload: true forceSTSHeader: true # Redirect non-www URLs to their www equivalent # Use with traefik.http.routers.myRouter.middlewares: "redirect-non-www-to-www@file" # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/ redirect-non-www-to-www: # Redirect a request from an url to another with regex matching and replacement redirectregex: # Apply a permanent redirection (HTTP 301) permanent: true # The regular expression to match and capture elements from the request URL regex: "^https?://(?:www\\.)?(.+)" # How to modify the URL to have the new target URL replacement: "https://www.${1}" # Redirect www URLs to their non-www equivalent # Use with traefik.http.routers.myRouter.middlewares: "redirect-www-to-non-www@file" # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/ redirect-www-to-non-www: # Redirect a request from an url to another with regex matching and replacement redirectregex: # Apply a permanent redirection (HTTP 301) permanent: true # The regular expression to match and capture elements from the request URL regex: "^https?://www\\.(.+)" # How to modify the URL to have the new target URL replacement: "https://${1}" # default-headers: # headers: # frameDeny: true # browserXssFilter: true # contentTypeNosniff: true # forceSTSHeader: true # stsIncludeSubdomains: true # stsPreload: true # stsSeconds: 15552000 # customFrameOptionsValue: SAMEORIGIN # customRequestHeaders: # X-Forwarded-Proto: https # crowdsec: # plugin: # bouncer: # enabled: true # logLevel: INFO # updateIntervalSeconds: 15 # updateMaxFailure: 0 # defaultDecisionSeconds: 15 # httpTimeoutSeconds: 10 # crowdsecMode: stream # crowdsecAppsecEnabled: true # crowdsecAppsecHost: crowdsec:7422 # crowdsecAppsecFailureBlock: true # crowdsecAppsecUnreachableBlock: true # crowdsecLapiKey: #####REPLACE_API_KEY##### # Replace CrowdSec API key (docker exec crowdsec cscli bouncers add crowdsecBouncer) # crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo # crowdsecLapiHost: crowdsec:8080 # crowdsecLapiScheme: http # forwardedHeadersTrustedIPs: # - 10.0.35.4/32 # Cloudflare tunnel IP address # - 172.30.0.0/24 # Reverse Proxy IP address # clientTrustedIPs: # - 10.0.1.0/24 # Internal LAN IP addresses # - 10.0.2.0/24 # Internal LAN IP addresses # - 10.0.3.0/24 # Internal LAN IP addresses # - 10.0.4.0/24 # Internal LAN IP addresses # - 10.0.5.0/24 # Internal LAN IP addresses # forwardedHeadersCustomName: CF-Connecting-IP # Cloudflare IP address header # default-whitelist: # ipWhiteList: # sourceRange: # - "10.0.4.0/24" # - "192.168.0.0/16" # - "172.16.0.0/12" # secured: # chain: # middlewares: # - default-whitelist # - default-headers