35 lines
1.1 KiB
Django/Jinja
35 lines
1.1 KiB
Django/Jinja
[tls.options]
|
|
[tls.options.tls12]
|
|
minVersion = "VersionTLS12"
|
|
cipherSuites = [
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
|
"TLS_AES_256_GCM_SHA384",
|
|
"TLS_CHACHA20_POLY1305_SHA256",
|
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
|
|
]
|
|
curvePreferences = ["CurveP521", "CurveP384", "CurveP256"]
|
|
|
|
[http]
|
|
[http.middlewares.hardening.headers]
|
|
browserXssFilter = true
|
|
contentTypeNosniff = true
|
|
forceSTSHeader = true
|
|
frameDeny = true
|
|
stsIncludeSubdomains = true
|
|
stsPreload = true
|
|
customFrameOptionsValue = "SAMEORIGIN"
|
|
referrerPolicy = "same-origin"
|
|
featurePolicy = "vibrate 'self'"
|
|
stsSeconds = 315360000
|
|
|
|
[http.middlewares.compression.compress]
|
|
excludedContentTypes = ["text/event-stream"]
|
|
|
|
[http.middlewares.allowFrameAndCORS.headers]
|
|
contentSecurityPolicy = "frame-ancestors *"
|
|
accessControlAllowHeaders = ["*"]
|
|
accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
|
|
accessControlAllowOriginList = ["*"]
|
|
accessControlExposeHeaders = ["*"]
|