diff --git a/examples/traefik/docker-compose-command-config.yml b/examples/traefik/docker-compose-command-config.yml index 5fc8748..986c382 100644 --- a/examples/traefik/docker-compose-command-config.yml +++ b/examples/traefik/docker-compose-command-config.yml @@ -17,10 +17,12 @@ services: - "--entrypoints.http.address=:80" # entrypoint for unencrypted http - "--entrypoints.http.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32" # define cloudflare ip ranges as trusted - "--entrypoints.http.http.redirections.entryPoint.to=https" # automatic redirect from http to https + - "--entryPoints.http.http.underscoreHeadersStrategy=delete" # delete underscore headers for security reasons - "--entrypoints.http.http.redirections.entryPoint.scheme=https" # automatic redirect from http to https - "--entrypoints.https.address=:443" # entrypoint for encrypted https - "--entrypoints.https.forwardedHeaders.trustedIPs=103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32" # define cloudflare ip ranges as trusted - "--entrypoints.https.http.middlewares=security-headers@file,rate-limit@file" # define default middlewares for all proxy entries + - "--entryPoints.https.http.underscoreHeadersStrategy=delete" # delete underscore headers for security reasons - "--api.dashboard=true" # enable traefik api dashboard - "--api.insecure=true" # expose traefik api dashboard on TCP/8080 without need for router ####################################################