nemo
/
nebula
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

workaround for traefik bug 

- XFO/Ref policy can't be applied yet
This commit is contained in:
Nemo 2017-11-30 02:45:38 +05:30
parent fc1a2d544c
commit 357256cd11
2 changed files with 38 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docker/conf/traefik.toml
View File

@ -9,6 +9,12 @@ defaultEntryPoints = ["http", "https"]
# This is required for ACME support
[entryPoints.https.tls]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "bb8.fun"
watch = true
exposedbydefault = false
[file]
[backends]
@ -36,7 +42,6 @@ defaultEntryPoints = ["http", "https"]
SSLRedirect = true
SSLTemporaryRedirect = true
STSSeconds = 2592000
CustomFrameOptionsValue = "ALLOW-FROM https://muximux.bb8.fun/"
ContentTypeNosniff = true
BrowserXssFilter = true
ReferrerPolicy = "no-referrer"
@ -100,8 +105,4 @@ sans = [
"ebooks.bb8.fun",
]
[docker]
domain = "bb8.fun"
watch = true
exposedbydefault = false

72
docker/main.tf
View File

@ -7,13 +7,12 @@ resource docker_container "transmission" {
"traefik.port" = 9091
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
ports {
@ -63,13 +62,12 @@ resource docker_container "gitea" {
"traefik.port" = 3000
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
ports {
@ -143,13 +141,12 @@ resource "docker_container" "emby" {
"traefik.port" = 8096
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
memory = 2048
@ -191,13 +188,12 @@ resource "docker_container" "flexget" {
"traefik.port" = 5050
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
memory = 256
@ -239,13 +235,12 @@ resource "docker_container" "couchpotato" {
"traefik.port" = 5050
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
memory = 256
@ -368,13 +363,11 @@ resource "docker_container" "airsonic" {
"traefik.port" = 4040
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
}
@ -407,13 +400,12 @@ resource "docker_container" "sickrage" {
"traefik.port" = 8081
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
env = [
@ -452,13 +444,12 @@ resource "docker_container" "headphones" {
"traefik.port" = 8181
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
# lounge:tatooine
@ -498,16 +489,17 @@ resource "docker_container" "wiki" {
}
labels {
"traefik.frontend.rule" = "Host:wiki.bb8.fun"
"traefik.frontend.passHostHeader" = "true"
"traefik.port" = 9999
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
env = [
@ -560,13 +552,13 @@ resource "docker_container" "muximux" {
"traefik.port" = 80
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "${var.hsts_max_age}"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
# "traefik.frontend.headers.CustomFrameOptionsValue" = "ALLOW-FROM https://muximux.bb8.fun/"
# "traefik.frontend.headers.referrerPolicy" = "no-referrer"
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
}
# lounge:tatooine