initialisation
This commit is contained in:
parent
d6fddabb6b
commit
bad764beb4
11
.env
Normal file
11
.env
Normal file
@ -0,0 +1,11 @@
|
||||
# 2025-02-25
|
||||
|
||||
VM_USER: 1000 # default uid
|
||||
VM_GROUP: 1000 # default gid
|
||||
|
||||
VM_IP: 1.2.3.4 # VM ip address
|
||||
VM_PORT_DOCKER: 1000 # VM docker socket proxy port number
|
||||
|
||||
VM_PORT_PANEL: 80 # external port number for panel
|
||||
VM_PORT_WINGS_HTTP: 8080 # external port number for wings
|
||||
VM_PORT_WINGS_SFTP: 2022 # external port number for sftp
|
107
conf/node/config.yml
Normal file
107
conf/node/config.yml
Normal file
@ -0,0 +1,107 @@
|
||||
debug: false
|
||||
app_name: [REDACTED]
|
||||
uuid: [REDACTED]
|
||||
token_id: cJU1GL3LmCFl9s8S
|
||||
token: [REDACTED (64 chars length)]
|
||||
api:
|
||||
host: 0.0.0.0
|
||||
port: 8080
|
||||
ssl:
|
||||
enabled: false
|
||||
cert: /etc/letsencrypt/live/[REDACTED (node.domain.com)]/fullchain.pem
|
||||
key: /etc/letsencrypt/live/[REDACTED (node.domain.com)]/privkey.pem
|
||||
disable_remote_download: false
|
||||
upload_limit: 100
|
||||
trusted_proxies: []
|
||||
system:
|
||||
root_directory: /var/lib/pterodactyl
|
||||
log_directory: /var/log/pterodactyl
|
||||
data: /var/lib/pterodactyl/volumes
|
||||
archive_directory: /var/lib/pterodactyl/archives
|
||||
backup_directory: /var/lib/pterodactyl/backups
|
||||
tmp_directory: /tmp/pterodactyl
|
||||
username: container
|
||||
timezone: UTC
|
||||
user:
|
||||
rootless:
|
||||
enabled: false
|
||||
container_uid: 0
|
||||
container_gid: 0
|
||||
uid: 1000
|
||||
gid: 1000
|
||||
disk_check_interval: 150
|
||||
activity_send_interval: 60
|
||||
activity_send_count: 100
|
||||
check_permissions_on_boot: true
|
||||
enable_log_rotate: true
|
||||
websocket_log_count: 150
|
||||
sftp:
|
||||
bind_address: 0.0.0.0
|
||||
bind_port: 2022
|
||||
read_only: false
|
||||
crash_detection:
|
||||
enabled: true
|
||||
detect_clean_exit_as_crash: true
|
||||
timeout: 60
|
||||
backups:
|
||||
write_limit: 0
|
||||
compression_level: best_speed
|
||||
transfers:
|
||||
download_limit: 0
|
||||
openat_mode: auto
|
||||
docker:
|
||||
network:
|
||||
interface: 172.173.0.1
|
||||
dns:
|
||||
- 1.1.1.1
|
||||
- 8.8.8.8
|
||||
- 1.0.0.1
|
||||
- 8.8.4.4
|
||||
name: wings
|
||||
ispn: false
|
||||
driver: bridge
|
||||
network_mode: wings
|
||||
is_internal: false
|
||||
enable_icc: true
|
||||
network_mtu: 1500
|
||||
interfaces:
|
||||
v4:
|
||||
subnet: 172.173.0.0/16
|
||||
gateway: 172.173.0.1
|
||||
v6:
|
||||
subnet: fdba:17c8:6c94::/64
|
||||
gateway: fdba:17c8:6c94::1011
|
||||
domainname: ""
|
||||
registries: {}
|
||||
tmpfs_size: 100
|
||||
container_pid_limit: 512
|
||||
installer_limits:
|
||||
memory: 1024
|
||||
cpu: 100
|
||||
overhead:
|
||||
override: false
|
||||
default_multiplier: 1.05
|
||||
multipliers: {}
|
||||
use_performant_inspect: true
|
||||
userns_mode: ""
|
||||
log_config:
|
||||
type: local
|
||||
config:
|
||||
compress: "false"
|
||||
max-file: "1"
|
||||
max-size: 5m
|
||||
mode: non-blocking
|
||||
throttles:
|
||||
enabled: true
|
||||
lines: 2000
|
||||
line_reset_interval: 100
|
||||
remote: [REDACTED (https://panel.domain.com)]
|
||||
remote_query:
|
||||
timeout: 30
|
||||
boot_servers_per_page: 50
|
||||
allowed_mounts:
|
||||
- /opt/docker/pterodactyl/mounts
|
||||
allowed_origins:
|
||||
- '*'
|
||||
allow_cors_private_network: true
|
||||
ignore_panel_config_updates: false
|
110
conf/panel/nginx/panel.conf
Normal file
110
conf/panel/nginx/panel.conf
Normal file
@ -0,0 +1,110 @@
|
||||
# 2025-02-25
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
|
||||
root /app/public;
|
||||
index index.html index.htm index.php;
|
||||
charset utf-8;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass 127.0.0.1:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
fastcgi_intercept_errors off;
|
||||
fastcgi_buffer_size 128k;
|
||||
fastcgi_buffers 256 16k;
|
||||
fastcgi_busy_buffers_size 256k;
|
||||
fastcgi_temp_file_write_size 256k;
|
||||
fastcgi_connect_timeout 300;
|
||||
fastcgi_send_timeout 300;
|
||||
fastcgi_read_timeout 300;
|
||||
}
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/pterodactyl.app-error.log error;
|
||||
|
||||
sendfile off;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
open_file_cache max=200000 inactive=20s;
|
||||
open_file_cache_valid 30s;
|
||||
open_file_cache_min_uses 2;
|
||||
open_file_cache_errors on;
|
||||
|
||||
client_max_body_size 100m;
|
||||
client_body_timeout 120s;
|
||||
client_header_timeout 120s;
|
||||
keepalive_timeout 120s;
|
||||
send_timeout 120s;
|
||||
reset_timedout_connection on;
|
||||
keepalive_requests 100000;
|
||||
|
||||
client_body_buffer_size 128k;
|
||||
client_header_buffer_size 1k;
|
||||
|
||||
gzip on;
|
||||
gzip_min_length 10240;
|
||||
gzip_comp_level 1;
|
||||
gzip_vary on;
|
||||
gzip_disable msie6;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
gzip_types
|
||||
text/css
|
||||
text/javascript
|
||||
text/xml
|
||||
text/plain
|
||||
text/x-component
|
||||
application/javascript
|
||||
application/x-javascript
|
||||
application/json
|
||||
application/xml
|
||||
application/rss+xml
|
||||
application/atom+xml
|
||||
font/truetype
|
||||
font/opentype
|
||||
application/vnd.ms-fontobject
|
||||
image/svg+xml;
|
||||
|
||||
location = /favicon.ico {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location ~* /(system|vendor)/.*\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location ~* /user/.*\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
|
||||
return 403;
|
||||
}
|
||||
|
||||
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) {
|
||||
return 403;
|
||||
}
|
||||
}
|
0
datas/common/archives/.keep
Normal file
0
datas/common/archives/.keep
Normal file
0
datas/common/backups/.keep
Normal file
0
datas/common/backups/.keep
Normal file
0
datas/common/letsencrypt/renewal-hooks/.keep
Normal file
0
datas/common/letsencrypt/renewal-hooks/.keep
Normal file
0
datas/common/volumes/.keep
Normal file
0
datas/common/volumes/.keep
Normal file
0
datas/node/logs/install/.keep
Normal file
0
datas/node/logs/install/.keep
Normal file
0
datas/node/tmp/.keep
Normal file
0
datas/node/tmp/.keep
Normal file
21
datas/panel/appvar/.env
Normal file
21
datas/panel/appvar/.env
Normal file
@ -0,0 +1,21 @@
|
||||
APP_KEY=[REDACTED (32 chars length)]
|
||||
APP_TIMEZONE=UTC
|
||||
RECAPTCHA_ENABLED=false
|
||||
APP_CORS_ALLOWED_ORIGINS=*
|
||||
HASHIDS_SALT=uWWcuQNxWoC7UtinFC4R
|
||||
APP_SERVICE_AUTHOR="[REDACTED (owner's email)]"
|
||||
APP_URL="[REDACTED (https://panel.domain.com)]"
|
||||
CACHE_DRIVER=redis
|
||||
SESSION_DRIVER=redis
|
||||
QUEUE_CONNECTION=redis
|
||||
APP_ENVIRONMENT_ONLY=false
|
||||
PTERODACTYL_TELEMETRY_ENABLED=false
|
||||
SESSION_SECURE_COOKIE=true
|
||||
REDIS_HOST=[REDACTED (redis ip)]
|
||||
REDIS_PASSWORD=null
|
||||
REDIS_PORT=[REDACTED (redis port)]
|
||||
DB_HOST=[REDACTED (database ip)]
|
||||
DB_PORT=[REDACTED (database port)]
|
||||
DB_DATABASE=pterodactyl
|
||||
DB_USERNAME=[REDACTED (database username)]
|
||||
DB_PASSWORD=[REDACTED (database password)]
|
0
datas/panel/certs/.keep
Normal file
0
datas/panel/certs/.keep
Normal file
0
datas/panel/logs/.keep
Normal file
0
datas/panel/logs/.keep
Normal file
145
docker-compose.yml
Normal file
145
docker-compose.yml
Normal file
@ -0,0 +1,145 @@
|
||||
#
|
||||
# updated: 2025-02-25
|
||||
# stack: pterodactyl
|
||||
#
|
||||
|
||||
x-defaults: &defaults
|
||||
environment:
|
||||
TZ: "UTC"
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
# DOCKER_HOST: "unix:///var/run/docker.sock"
|
||||
DOCKER_HOST: "tcp://${VM_IP}:${VM_PORT_DOCKER}"
|
||||
logging:
|
||||
driver: local
|
||||
user: ${VM_USER}:${VM_GROUP}
|
||||
privileged: false
|
||||
read_only: false
|
||||
security_opt:
|
||||
- no-new-privileges=true
|
||||
ipc: "private"
|
||||
restart: unless-stopped
|
||||
stdin_open: false
|
||||
tty: false
|
||||
dns:
|
||||
- 1.1.1.1
|
||||
- 1.0.0.1
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
healthcheck:
|
||||
interval: 60s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 60s
|
||||
labels:
|
||||
traefik.docker.network: traefik
|
||||
com.centurylinklabs.watchtower.enable: true
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "1.0"
|
||||
memory: 64M
|
||||
tmpfs:
|
||||
- /tmp:rw,size=64M
|
||||
networks:
|
||||
- dockerproxy
|
||||
volumes:
|
||||
- /etc/localtime:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /proc/cgroups:/cgroup:rw
|
||||
# - /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
||||
networks:
|
||||
dockerproxy:
|
||||
external: true
|
||||
pterodactyl:
|
||||
name: pterodactyl
|
||||
driver: bridge
|
||||
enable_ipv6: false
|
||||
driver_opts:
|
||||
com.docker.network.driver.mtu: 1500
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 171.172.0.0/16
|
||||
node:
|
||||
name: node
|
||||
driver: bridge
|
||||
enable_ipv6: false
|
||||
ipam:
|
||||
config:
|
||||
- subnet: "172.172.0.0/16"
|
||||
driver_opts:
|
||||
com.docker.network.bridge.name: node
|
||||
com.docker.network.driver.mtu: 1500
|
||||
|
||||
services:
|
||||
panel:
|
||||
<<: *defaults
|
||||
user: 0:0
|
||||
container_name: panel
|
||||
hostname: panel
|
||||
image: ghcr.io/pterodactyl/panel:latest
|
||||
restart: always
|
||||
ports:
|
||||
- "${VM_PORT_PANEL}:80"
|
||||
expose:
|
||||
- "80"
|
||||
networks:
|
||||
- pterodactyl
|
||||
healthcheck:
|
||||
test: uname -a || exit 1
|
||||
env_file:
|
||||
- ./env/pterodactyl.env
|
||||
- ./env/panel.env
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "${PROCESSORS}"
|
||||
memory: 1G
|
||||
tmpfs:
|
||||
- /tmp:rw,noexec,nosuid,size=512M
|
||||
volumes:
|
||||
- ./conf/panel/nginx/:/etc/nginx/http.d/:rw
|
||||
- ./datas/common/letsencrypt/:/etc/letsencrypt/:rw
|
||||
- ./datas/panel/appvar/:/app/var/:rw
|
||||
- ./datas/panel/logs/:/app/storage/logs:rw
|
||||
|
||||
node:
|
||||
<<: *defaults
|
||||
user: 0:0
|
||||
container_name: node
|
||||
hostname: node
|
||||
image: ghcr.io/pterodactyl/wings:latest
|
||||
restart: always
|
||||
depends_on:
|
||||
panel:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "${VM_PORT_WINGS_HTTP}:8080"
|
||||
- "${VM_PORT_WINGS_SFTP}:2022"
|
||||
expose:
|
||||
- "8080"
|
||||
- "2022"
|
||||
networks:
|
||||
- pterodactyl
|
||||
- node
|
||||
healthcheck:
|
||||
test: ["CMD", "/usr/bin/wings", "version"]
|
||||
env_file:
|
||||
- ./env/pterodactyl.env
|
||||
- ./env/node.env
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "${PROCESSORS}"
|
||||
memory: 8G
|
||||
volumes:
|
||||
- /etc/ssl/certs:/etc/ssl/certs:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /var/lib/docker/containers:/var/lib/docker/containers:rw
|
||||
- ./conf/node:/etc/pterodactyl:rw
|
||||
- ./datas/common/letsencrypt/:/etc/letsencrypt/:rw
|
||||
- ./datas/common:/var/lib/pterodactyl:rw
|
||||
- ./datas/node/logs:/var/log/pterodactyl:rw
|
||||
- ./datas/node/tmp:/tmp/pterodactyl/:rw
|
5
env/node.env
vendored
Normal file
5
env/node.env
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
# 2025-02-25
|
||||
|
||||
WINGS_UID: 1000
|
||||
WINGS_GID: 1000
|
||||
WINGS_USERNAME: container
|
31
env/panel.env
vendored
Normal file
31
env/panel.env
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
# 2025-02-25
|
||||
|
||||
PTERODACTYL_TELEMETRY_ENABLED: "false"
|
||||
|
||||
APP_ENV: "production"
|
||||
APP_ENVIRONMENT_ONLY: "false"
|
||||
APP_SERVICE_AUTHOR: "[REDACTED (responsible's email)]"
|
||||
|
||||
APP_URL: "[REDACTED (https://panel.domain.com)]"
|
||||
TRUSTED_PROXIES: "*"
|
||||
|
||||
DB_HOST: "[REDACTED (database ip)]"
|
||||
DB_PORT: "[REDACTED (database port)]"
|
||||
DB_DATABASE: "pterodactyl"
|
||||
DB_USERNAME: "[REDACTED (database username)]"
|
||||
DB_PASSWORD: "[REDACTED (database password)]"
|
||||
|
||||
REDIS_HOST: "[REDACTED (redis ip)]"
|
||||
REDIS_PORT: "[REDACTED (redis port)]"
|
||||
|
||||
MAIL_HOST: "[REDACTED (mailer's ip)]"
|
||||
MAIL_PORT: "[REDACTED (mailer's smtp port)]"
|
||||
MAIL_DRIVER: "smtp"
|
||||
MAIL_ENCRYPTION: "true"
|
||||
MAIL_FROM: "[REDACTED (owner's email)]"
|
||||
MAIL_USERNAME: "[REDACTED (owner's email username)]"
|
||||
MAIL_PASSWORD: "[REDACTED (owner's email password)]"
|
||||
|
||||
CACHE_DRIVER: "redis"
|
||||
SESSION_DRIVER: "redis"
|
||||
QUEUE_DRIVER: "redis"
|
3
env/pterodactyl.env
vendored
Normal file
3
env/pterodactyl.env
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
# 2025-02-25
|
||||
|
||||
APP_TIMEZONE: "UTC"
|
49
scripts/init.sh
Normal file
49
scripts/init.sh
Normal file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
# 2025-02-25
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script must be run as root" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CWD=/opt/docker/pterodactyl/scripts
|
||||
PTERODACTYL=$(realpath $CWD/../)
|
||||
|
||||
#
|
||||
# Choosen mode is to remove existing folders and symbolic links
|
||||
# to be able to recreate good ones.
|
||||
#
|
||||
|
||||
#
|
||||
# Remove existing settings
|
||||
#
|
||||
|
||||
if [ -L /var/lib/pterodactyl/volumes ]; then
|
||||
rm -f /var/lib/pterodactyl/volumes
|
||||
fi
|
||||
|
||||
if [ -L /var/log/pterodactyl ]; then
|
||||
rm -f /var/log/pterodactyl
|
||||
fi
|
||||
|
||||
if [ -L /tmp/pterodactyl ]; then
|
||||
rm -rf /tmp/pterodactyl
|
||||
fi
|
||||
|
||||
if [ -d /var/lib/pterodactyl ]; then
|
||||
rmdir /var/lib/pterodactyl
|
||||
fi
|
||||
|
||||
|
||||
# Create required settings
|
||||
mkdir -p /var/lib/pterodactyl
|
||||
ln -s $PTERODACTYL/datas/common/volumes /var/lib/pterodactyl/volumes
|
||||
ln -s $PTERODACTYL/datas/node/tmp /tmp/pterodactyl
|
||||
ln -s $PTERODACTYL/datas/node/logs /var/log/pterodactyl
|
||||
|
||||
# Adjust owner (user:group)
|
||||
chown -R 1000:1000 /var/lib/pterodactyl
|
||||
chown -R 1000:1000 /var/log/pterodactyl
|
||||
chown -R 1000:1000 /tmp/pterodactyl
|
||||
|
||||
exit 0
|
190
traefik/pterodactyl.yml
Normal file
190
traefik/pterodactyl.yml
Normal file
@ -0,0 +1,190 @@
|
||||
# 2025-02-25
|
||||
|
||||
http:
|
||||
routers:
|
||||
panel:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`panel.domain.com`)
|
||||
middlewares:
|
||||
- corsall@file
|
||||
- standard@file
|
||||
tls:
|
||||
certResolver: letsencrypt
|
||||
service: panel@file
|
||||
|
||||
node:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`node.domain.com`)
|
||||
middlewares:
|
||||
- corsall@file
|
||||
- standard@file
|
||||
tls:
|
||||
certResolver: letsencrypt
|
||||
service: node@file
|
||||
|
||||
services:
|
||||
panel:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://[REDACTED: VM_IP]:[REDACTED: VM_PORT_PANEL]"
|
||||
node:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://[REDACTED: VM_IP]:[REDACTER: VM_PORT_WINGS_HTTP]"
|
||||
|
||||
middlewares:
|
||||
|
||||
corsall:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
Access-Control-Allow-Origin: origin-list-or-null
|
||||
Sec-Fetch-Site: cross-site
|
||||
X-Forwarded-Proto: https
|
||||
Access-Control-Allow-Headers: "*, Authorization"
|
||||
customResponseHeaders:
|
||||
Access-Control-Allow-Origin: "*"
|
||||
Sec-Fetch-Site: cross-site
|
||||
X-Forwarded-Proto: https
|
||||
Access-Control-Allow-Headers: "*, Authorization"
|
||||
accessControlAllowMethods:
|
||||
- OPTIONS
|
||||
- POST
|
||||
- GET
|
||||
- PUT
|
||||
- DELETE
|
||||
- PATCH
|
||||
accessControlAllowHeaders:
|
||||
- "*, Authorization"
|
||||
accessControlExposeHeaders:
|
||||
- "*, Authorization"
|
||||
accessControlMaxAge: 100
|
||||
addVaryHeader: true
|
||||
accessControlAllowCredentials: true
|
||||
accessControlAllowOriginList:
|
||||
- "*"
|
||||
|
||||
autodetect:
|
||||
ContentType: {}
|
||||
|
||||
compress:
|
||||
compress:
|
||||
minResponseBodyBytes: 64
|
||||
excludedContentTypes:
|
||||
- text/event-stream
|
||||
- image/gif
|
||||
- image/jpeg
|
||||
- image/pjpeg
|
||||
- image/png
|
||||
- image/svg+xml
|
||||
- image/webp
|
||||
- image/vnd.microsoft.icon
|
||||
- image/vnd.djvu
|
||||
- image/svg+xml
|
||||
- audio/wave
|
||||
- audio/wav
|
||||
- audio/x-wav
|
||||
- audio/x-pn-wav
|
||||
- audio/webm
|
||||
- audio/ogg
|
||||
- audio/mpeg
|
||||
- audio/x-ms-wma
|
||||
- audio/vnd.rn-realaudio
|
||||
- audio/x-wav
|
||||
- video/webm
|
||||
- video/ogg
|
||||
- video/mpeg
|
||||
- video/mp4
|
||||
- video/quicktime
|
||||
- video/x-ms-wmv
|
||||
- video/x-msvideo
|
||||
- video/x-flv
|
||||
- video/web
|
||||
- application/ogg
|
||||
- application/octet-stream
|
||||
- application/pdf
|
||||
- application/x-shockwave-flash
|
||||
- application/zip
|
||||
- application/json
|
||||
- media
|
||||
|
||||
httpsredirect:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
|
||||
ratelimit:
|
||||
rateLimit:
|
||||
average: 128
|
||||
burst: 256
|
||||
|
||||
defaults:
|
||||
headers:
|
||||
frameDeny: false
|
||||
customFrameOptionsValue: SAMEORIGIN
|
||||
browserXssFilter: false
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
stsSeconds: 15552000
|
||||
customRequestheaders:
|
||||
Alt-Svc: "h3=':443'; ma=86400"
|
||||
customResponseHeaders:
|
||||
Alt-Svc: "h3=':443'; ma=86400"
|
||||
|
||||
csp:
|
||||
headers:
|
||||
contentsecuritypolicy: "\
|
||||
connect-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
script-src 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
img-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
font-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
frame-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
child-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
media-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
object-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
frame-ancestors 'self' blob: data: wss: ws: *.domain.com https: http:;\
|
||||
"
|
||||
|
||||
security:
|
||||
headers:
|
||||
customRequestheaders:
|
||||
X-Content-Type-Options: ""
|
||||
X-Forwarded-Proto: https
|
||||
customResponseHeaders:
|
||||
Permissions-Policy: "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)"
|
||||
X-Forwarded-Proto: https
|
||||
X-Permitted-Cross-Domain-Policies: "none"
|
||||
X-Content-Type-Options: ""
|
||||
sslProxyHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
referrerPolicy: strict-origin-when-cross-origin
|
||||
|
||||
manageheaders:
|
||||
headers:
|
||||
customResponseHeaders:
|
||||
Server: ""
|
||||
X-Powered-By: ""
|
||||
Pragma: ""
|
||||
X-Cacheable: ""
|
||||
X-Cache: ""
|
||||
X-Cache-Hits: ""
|
||||
|
||||
common:
|
||||
chain:
|
||||
middlewares:
|
||||
- httpsredirect@file
|
||||
- ratelimit@file
|
||||
- defaults@file
|
||||
- csp@file
|
||||
- security@file
|
||||
- manageheaders@file
|
||||
- autodetect@file
|
||||
|
||||
standard:
|
||||
chain:
|
||||
middlewares:
|
||||
- compress@file
|
||||
- common@file
|
Loading…
x
Reference in New Issue
Block a user