191 lines
5.8 KiB
YAML
191 lines
5.8 KiB
YAML
# 2025-02-25
|
|
|
|
http:
|
|
routers:
|
|
panel:
|
|
entryPoints:
|
|
- https
|
|
rule: Host(`panel.domain.com`)
|
|
middlewares:
|
|
- corsall@file
|
|
- standard@file
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: panel@file
|
|
|
|
node:
|
|
entryPoints:
|
|
- https
|
|
rule: Host(`node.domain.com`)
|
|
middlewares:
|
|
- corsall@file
|
|
- standard@file
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: node@file
|
|
|
|
services:
|
|
panel:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://[REDACTED: VM_IP]:[REDACTED: VM_PORT_PANEL]"
|
|
node:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://[REDACTED: VM_IP]:[REDACTER: VM_PORT_WINGS_HTTP]"
|
|
|
|
middlewares:
|
|
|
|
corsall:
|
|
headers:
|
|
customRequestHeaders:
|
|
Access-Control-Allow-Origin: origin-list-or-null
|
|
Sec-Fetch-Site: cross-site
|
|
X-Forwarded-Proto: https
|
|
Access-Control-Allow-Headers: "*, Authorization"
|
|
customResponseHeaders:
|
|
Access-Control-Allow-Origin: "*"
|
|
Sec-Fetch-Site: cross-site
|
|
X-Forwarded-Proto: https
|
|
Access-Control-Allow-Headers: "*, Authorization"
|
|
accessControlAllowMethods:
|
|
- OPTIONS
|
|
- POST
|
|
- GET
|
|
- PUT
|
|
- DELETE
|
|
- PATCH
|
|
accessControlAllowHeaders:
|
|
- "*, Authorization"
|
|
accessControlExposeHeaders:
|
|
- "*, Authorization"
|
|
accessControlMaxAge: 100
|
|
addVaryHeader: true
|
|
accessControlAllowCredentials: true
|
|
accessControlAllowOriginList:
|
|
- "*"
|
|
|
|
autodetect:
|
|
ContentType: {}
|
|
|
|
compress:
|
|
compress:
|
|
minResponseBodyBytes: 64
|
|
excludedContentTypes:
|
|
- text/event-stream
|
|
- image/gif
|
|
- image/jpeg
|
|
- image/pjpeg
|
|
- image/png
|
|
- image/svg+xml
|
|
- image/webp
|
|
- image/vnd.microsoft.icon
|
|
- image/vnd.djvu
|
|
- image/svg+xml
|
|
- audio/wave
|
|
- audio/wav
|
|
- audio/x-wav
|
|
- audio/x-pn-wav
|
|
- audio/webm
|
|
- audio/ogg
|
|
- audio/mpeg
|
|
- audio/x-ms-wma
|
|
- audio/vnd.rn-realaudio
|
|
- audio/x-wav
|
|
- video/webm
|
|
- video/ogg
|
|
- video/mpeg
|
|
- video/mp4
|
|
- video/quicktime
|
|
- video/x-ms-wmv
|
|
- video/x-msvideo
|
|
- video/x-flv
|
|
- video/web
|
|
- application/ogg
|
|
- application/octet-stream
|
|
- application/pdf
|
|
- application/x-shockwave-flash
|
|
- application/zip
|
|
- application/json
|
|
- media
|
|
|
|
httpsredirect:
|
|
redirectScheme:
|
|
scheme: https
|
|
|
|
ratelimit:
|
|
rateLimit:
|
|
average: 128
|
|
burst: 256
|
|
|
|
defaults:
|
|
headers:
|
|
frameDeny: false
|
|
customFrameOptionsValue: SAMEORIGIN
|
|
browserXssFilter: false
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 15552000
|
|
customRequestheaders:
|
|
Alt-Svc: "h3=':443'; ma=86400"
|
|
customResponseHeaders:
|
|
Alt-Svc: "h3=':443'; ma=86400"
|
|
|
|
csp:
|
|
headers:
|
|
contentsecuritypolicy: "\
|
|
connect-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
script-src 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
img-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
font-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
frame-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
child-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
media-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
object-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' blob: data: wss: ws: *.domain.com https: http:;\
|
|
frame-ancestors 'self' blob: data: wss: ws: *.domain.com https: http:;\
|
|
"
|
|
|
|
security:
|
|
headers:
|
|
customRequestheaders:
|
|
X-Content-Type-Options: ""
|
|
X-Forwarded-Proto: https
|
|
customResponseHeaders:
|
|
Permissions-Policy: "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)"
|
|
X-Forwarded-Proto: https
|
|
X-Permitted-Cross-Domain-Policies: "none"
|
|
X-Content-Type-Options: ""
|
|
sslProxyHeaders:
|
|
X-Forwarded-Proto: https
|
|
referrerPolicy: strict-origin-when-cross-origin
|
|
|
|
manageheaders:
|
|
headers:
|
|
customResponseHeaders:
|
|
Server: ""
|
|
X-Powered-By: ""
|
|
Pragma: ""
|
|
X-Cacheable: ""
|
|
X-Cache: ""
|
|
X-Cache-Hits: ""
|
|
|
|
common:
|
|
chain:
|
|
middlewares:
|
|
- httpsredirect@file
|
|
- ratelimit@file
|
|
- defaults@file
|
|
- csp@file
|
|
- security@file
|
|
- manageheaders@file
|
|
- autodetect@file
|
|
|
|
standard:
|
|
chain:
|
|
middlewares:
|
|
- compress@file
|
|
- common@file
|