From 8f7ac516a6d4c80a0ddc8ac54419d960ffa1ceb8 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Tue, 21 Jan 2025 23:59:06 +0100
Subject: [PATCH] Ease the hardening for xframe

---
 traefik.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/traefik.yml b/traefik.yml
index 52df0ac..f4f0bd5 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -11,8 +11,14 @@ services:
       - "traefik.http.routers.${NAME}.rule=Host(`${HOST}`)"
       - "traefik.http.routers.${NAME}.tls.certresolver=myresolver"
       - "traefik.http.routers.${NAME}.entrypoints=web,websecure"
-      - "traefik.http.routers.${NAME}.middlewares=hardening@docker"
       - "traefik.http.services.${NAME}.loadbalancer.server.port=9000"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.sslredirect=true"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.stsSeconds=15552000"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.stsPreload=true"
+      - "traefik.http.middlewares.hardening-${NAME}.headers.referrerPolicy=no-referrer"
+      - "traefik.http.routers.${NAME}.middlewares=hardening-${NAME}@docker"
 
 networks:
   traefik:
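Review bot: The new per-service `hardening-${NAME}` middleware sets no frame restriction at all: none of the added labels configures `frameDeny`, `customFrameOptionsValue` or a CSP `frame-ancestors`, so once the router stops using `hardening@docker` any origin can embed the service (clickjacking exposure). If the aim is to let specific sites frame it, an allow-list is safer than dropping the header, e.g. `- "traefik.http.middlewares.hardening-${NAME}.headers.contentSecurityPolicy=frame-ancestors 'self' https://<TRUSTED_EMBEDDER>"` (placeholder origin). The definition of `hardening@docker` is not visible here, so it is worth checking whether it also set options such as `contentTypeNosniff` that this router now loses. `sslredirect` is a deprecated headers option in Traefik v2 and is removed in v3, so with the router on `web,websecure` the HTTP-to-HTTPS redirect is more reliably done at the entrypoint or with a redirectScheme middleware. The labels list begins above the hunk, so other middleware labels may exist that are not shown.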
-- 
GitLab