From 93678f3a5727bc06a7be99d55b4a26902518840c Mon Sep 17 00:00:00 2001 From: Olivier Date: Fri, 13 Oct 2023 19:36:06 +0200 Subject: [PATCH] =?UTF-8?q?T=C3=A9l=C3=A9verser=20les=20fichiers=20vers=20?= =?UTF-8?q?"=5Ftraefik"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- _traefik/hyperpipe.yml | 176 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 _traefik/hyperpipe.yml diff --git a/_traefik/hyperpipe.yml b/_traefik/hyperpipe.yml new file mode 100644 index 0000000..bfbc756 --- /dev/null +++ b/_traefik/hyperpipe.yml @@ -0,0 +1,176 @@ +# 2023-10-13 + +http: + + + routers: + + pipedproxy: + entryPoints: + - https + rule: Host(`pipedproxy.domain.com`) + middlewares: + - hyperpipe@file + tls: {} + service: pipedproxy + + pipedapi: + entryPoints: + - https + rule: Host(`pipedapi.domain.com`) + middlewares: + - hyperpipe@file + tls: {} + service: pipedapi + + hyperpipeapi: + entryPoints: + - https + rule: Host(`hyperpipeapi.domain.com`) + middlewares: + - hyperpipe@file + tls: {} + service: hyperpipeapi + + piped: + entryPoints: + - https + rule: Host(`piped.domain.com`) + middlewares: + - hyperpipe@file + tls: {} + service: piped + + hyperpipe: + entryPoints: + - https + rule: Host(`hyperpipe.domain.com`) + middlewares: + - hyperpipe@file + tls: {} + service: hyperpipe + + + + services: + + pipedproxy: + loadBalancer: + servers: + - url: "http://xxx.xxx.xxx.xxx:8304/" + + pipedapi: + loadBalancer: + servers: + - url: "http://xxx.xxx.xxx.xxx:8304/" + + piped: + loadBalancer: + servers: + - url: "http://xxx.xxx.xxx.xxx:8304/" + + hyperpipeapi: + loadBalancer: + servers: + - url: "http://xxx.xxx.xxx.xxx:8305/" + + hyperpipe: + loadBalancer: + servers: + - url: "http://xxx.xxx.xxx.xxx:8306/" + + + + middlewares: + + hyperpipe-defaults: + headers: + frameDeny: false + browserXssFilter: false + forceSTSHeader: true + stsIncludeSubdomains: true + stsPreload: true + stsSeconds: 15552000 + contentsecuritypolicy: "\ + script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + img-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + font-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + connect-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + frame-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + media-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + child-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss: http: ws:;\ + object-src 'none';\ + " + + hyperpipe-security: + headers: + customRequestheaders: + X-Content-Type-Options: "" + customResponseHeaders: + X-Content-Type-Options: "" + Permissions-Policy: "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)" + X-Forwarded-Proto: https + X-Permitted-Cross-Domain-Policies: all + sslProxyHeaders: + X-Forwarded-Proto: https + referrerPolicy: strict-origin-when-cross-origin + + hyperpipe-cors: + headers: + customRequestHeaders: + Access-Control-Allow-Origin: "*" + Sec-Fetch-Site: cross-site + X-Forwarded-Proto: https + Access-Control-Allow-Headers: "*, Authorization" + customResponseHeaders: + Access-Control-Allow-Origin: "*" + Sec-Fetch-Site: cross-site + X-Forwarded-Proto: https + Access-Control-Allow-Headers: "*, Authorization" + accessControlAllowMethods: + - OPTIONS + - POST + - GET + - PUT + - DELETE + - PATCH + - FETCH + accessControlAllowHeaders: + - "*, Authorization" + accessControlExposeHeaders: + - "*, Authorization" + accessControlMaxAge: 100 + addVaryHeader: true + accessControlAllowCredentials: true + accessControlAllowOriginList: + - "*" + + hyperpipe-inflightreq: + inFlightReq: + amount: 4096 + + hyperpipe-ratelimit: + rateLimit: + average: 1024 + burst: 1024 + + hyperpipe-retry: + retry: + attempts: 64 + initialInterval: 100ms + + hyperpipe: + chain: + middlewares: + - httpsredirect + - ipwhitelist + - hyperpipe-inflightreq + - hyperpipe-ratelimit + - hyperpipe-retry + - autodetect + - hyperpipe-defaults + - hyperpipe-security + - hyperpipe-cors + - compress