tls: options: default: minVersion: VersionTLS12 cipherSuites: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 curvePreferences: - CurveP521 - CurveP384 sniStrict: true http: middlewares: default: chain: middlewares: - default-security-headers - gzip default-security-headers: headers: browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true frameDeny: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 31536000 customFrameOptionsValue: "SAMEORIGIN" gzip: compress: {} traefik-crowdsec-bouncer: forwardauth: address: http://traefik-crowdsec-bouncer:8080/api/v1/forwardAuth trustForwardHeader: true real-ip-cf: plugin: real-ip: Proxy: - proxyHeadername: "*" realIP: Cf-Connecting-Ip OverwriteXFF: true hpnetwork-whitelist: ipWhiteList: sourceRange: - "127.0.0.1/32" - "10.1.0.0/24" - "10.6.0.0/24" - "192.168.0.0/24" routers: routerasteriskold: rule: "Host(`asterisk.prothmann.com`)" service: asteriskold@file entryPoints: websecure tls: certResolver: http_resolver middlewares: - hpnetwork-whitelist routerrspamdold: rule: "Host(`rspamd.prothmann.com`)" service: rspamdold@file entryPoints: websecure tls: certResolver: http_resolver middlewares: - hpnetwork-whitelist services: nextcloud: loadBalancer: servers: - url: "http://10.1.0.13:11000" asteriskold: loadBalancer: servers: - url: "http://10.3.0.28:80" rspamdold: loadBalancer: servers: - url: "http://mail.prothmann.com/rspamd/"