wn/home-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
205baa7e018ff50ad2c56972738b3f0c11293dec
home-automation/deployment/mtls-config.yaml
Wolfgang Hottgenroth 205baa7e01
Some checks failed
ci/woodpecker/push/build/4 Pipeline was successful
Details
ci/woodpecker/push/predeploy Pipeline was successful
Details
ci/woodpecker/push/build/3 Pipeline was successful
Details
ci/woodpecker/push/build/2 Pipeline failed
Details
ci/woodpecker/push/deploy/2 unknown status
Details
ci/woodpecker/push/deploy/3 unknown status
Details
ci/woodpecker/push/build/1 Pipeline failed
Details
ci/woodpecker/push/deploy/1 unknown status
Details
ci/woodpecker/push/deploy/4 unknown status
Details
ci/woodpecker/tag/predeploy Pipeline was successful
Details
ci/woodpecker/tag/build/4 Pipeline was successful
Details
ci/woodpecker/tag/build/1 Pipeline was successful
Details
ci/woodpecker/tag/build/3 Pipeline was successful
Details
ci/woodpecker/tag/build/2 Pipeline was successful
Details
ci/woodpecker/tag/deploy/1 Pipeline was successful
Details
ci/woodpecker/tag/deploy/2 Pipeline was successful
Details
ci/woodpecker/tag/deploy/4 Pipeline was successful
Details
ci/woodpecker/tag/deploy/3 Pipeline was successful
Details
mtls fix 3
2025-11-29 22:19:12 +01:00

48 lines
1.3 KiB
YAML
Raw Blame History

apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: homea2-mtls
namespace: default
spec:
clientAuth:
secretNames:
- mtls-ca-cert
clientAuthType: RequireAndVerifyClientCert
minVersion: "VersionTLS12"
cipherSuites:
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_RSA_WITH_AES_128_GCM_SHA256"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: mtls-auth
namespace: default
spec:
headers:
customRequestHeaders:
X-Client-Cert: ""
customResponseHeaders:
X-mTLS-Verified: "true"
# Optional: Add IP whitelist for additional security
# ipWhiteList:
# sourceRange:
# - "10.0.0.0/8"
# - "192.168.0.0/16"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: security-headers
namespace: default
spec:
headers:
customResponseHeaders:
X-Frame-Options: "SAMEORIGIN"
X-Content-Type-Options: "nosniff"
X-XSS-Protection: "1; mode=block"
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
contentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
Reference in New Issue View Git Blame Copy Permalink