diff --git a/src/images/traefik/Dockerfile b/src/images/traefik/Dockerfile
index 3516327..3e993b2 100644
--- a/src/images/traefik/Dockerfile
+++ b/src/images/traefik/Dockerfile
@@ -15,6 +15,7 @@ ARG TIMEZONE
 ENV TZ=${TIMEZONE}
 RUN ln -snf /usr/share/zoneinfo/$TIMEZONE /etc/localtime && echo $TIMEZONE > /etc/timezone
+# Traefik config
 ARG TRAEFIK_LOG_LEVEL
 ARG TRAEFIK_DOMAIN_NAME
 ARG TRAEFIK_DOCKER_NETWORK
@@ -24,9 +25,6 @@ ARG TRAEFIK_ACME_DNS_CHALLENGE_PROVIDER
 ARG TRAEFIK_API_DASHBOARD
 ARG TRAEFIK_API_DASHBOARD_SUBDOMAIN
 ARG TRAEFIK_API_INSECURE
-ARG TRAEFIK_BASIC_AUTH_USERNAME
-ARG TRAEFIK_BASIC_AUTH_PASSWORD_HASH
-ARG TEAEFIK_CORS_ALLOW_ORIGIN
 ENV TRAEFIK_LOG_LEVEL ${TRAEFIK_LOG_LEVEL}
 ENV TRAEFIK_DOMAIN_NAME ${TRAEFIK_DOMAIN_NAME}
 ENV TRAEFIK_DOCKER_NETWORK ${TRAEFIK_DOCKER_NETWORK}
@@ -36,9 +34,24 @@ ENV TRAEFIK_ACME_DNS_CHALLENGE_PROVIDER ${TRAEFIK_ACME_DNS_CHALLENGE_PROVIDER}
 ENV TRAEFIK_API_DASHBOARD ${TRAEFIK_API_DASHBOARD}
 ENV TRAEFIK_API_DASHBOARD_SUBDOMAIN ${TRAEFIK_API_DASHBOARD_SUBDOMAIN}
 ENV TRAEFIK_API_INSECURE ${TRAEFIK_API_INSECURE}
+# Basic Auth
+ARG TRAEFIK_BASIC_AUTH_USERNAME
+ARG TRAEFIK_BASIC_AUTH_PASSWORD_HASH
 ENV TRAEFIK_BASIC_AUTH_USERNAME ${TRAEFIK_BASIC_AUTH_USERNAME}
 ENV TRAEFIK_BASIC_AUTH_PASSWORD_HASH ${TRAEFIK_BASIC_AUTH_PASSWORD_HASH}
-ENV TEAEFIK_CORS_ALLOW_ORIGIN ${TEAEFIK_CORS_ALLOW_ORIGIN}
+# Middleware Header
+ARG TRAEFIK_HEADER_X_ROBOTS_TAG
+ARG TRAEFIK_HEADER_REFERRER_POLICY
+ARG TRAEFIK_HEADER_FRAME_DENY
+ARG TRAEFIK_HEADER_CONTENT_SECURITY_POLICY
+ARG TRAEFIK_HEADER_PERMISSION_POLICY
+ARG TEAEFIK_HEADER_CORS_LIST
+ENV TRAEFIK_HEADER_X_ROBOTS_TAG ${TRAEFIK_HEADER_X_ROBOTS_TAG}
+ENV TRAEFIK_HEADER_REFERRER_POLICY ${TRAEFIK_HEADER_REFERRER_POLICY}
+ENV TRAEFIK_HEADER_FRAME_DENY ${TRAEFIK_HEADER_FRAME_DENY}
+ENV TRAEFIK_HEADER_CONTENT_SECURITY_POLICY ${TRAEFIK_HEADER_CONTENT_SECURITY_POLICY}
+ENV TRAEFIK_HEADER_PERMISSION_POLICY ${TRAEFIK_HEADER_PERMISSION_POLICY}
+ENV TEAEFIK_HEADER_CORS_LIST ${TEAEFIK_HEADER_CORS_LIST}
 COPY ./images/traefik/config/traefik.yml /etc/traefik/traefik.yml
 COPY ./images/traefik/config/dynamic/ /etc/traefik/dynamic/
@@ -50,4 +63,4 @@ ENTRYPOINT [ "/setup.sh" ]
 CMD [ "traefik" ]
-FROM base as local
\ No newline at end of file
+FROM base as local
diff --git a/src/images/traefik/setup.sh b/src/images/traefik/setup.sh
index 7cca770..62ab3f3 100644
--- a/src/images/traefik/setup.sh
+++ b/src/images/traefik/setup.sh
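Review bot: The new `ARG TEAEFIK_HEADER_CORS_LIST` and `ENV TEAEFIK_HEADER_CORS_LIST ${TEAEFIK_HEADER_CORS_LIST}` lines keep the old `TEAEFIK` misspelling, while setup.sh in this same commit reads `$TRAEFIK_HEADER_CORS_LIST`, so a value passed as a build argument would not reach the substitution unless the correctly spelled variable is also set at runtime. Rename both lines to `TRAEFIK_HEADER_CORS_LIST` so the Dockerfile and the script agree. Separately, the re-added `ARG TRAEFIK_BASIC_AUTH_PASSWORD_HASH` is copied into `ENV`, which stores the hash in the image configuration and build history, readable by anyone who can pull the image. Because setup.sh is the entrypoint and appears to substitute these values at container start, the credentials could be supplied as runtime environment or a mounted secret instead of build arguments.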
@@ -27,7 +27,12 @@ if [[ -f "$TRAEFIK_DYNAMIC_CONFIG_DIR/middlewares.yml" ]]; then
 sed -i "$TRAEFIK_DYNAMIC_CONFIG_DIR/middlewares.yml" \
 -e "s#__TRAEFIK_BASIC_AUTH_USERNAME#$TRAEFIK_BASIC_AUTH_USERNAME#g" \
 -e "s#__TRAEFIK_BASIC_AUTH_PASSWORD_HASH#$PASSWORD_DECODE#g" \
- -e "s#__TRAEFIK_CORS_ALLOW_ORIGIN#$TRAEFIK_CORS_ALLOW_ORIGIN#g"
+ -e "s#__TRAEFIK_HEADER_X_ROBOTS_TA#$TRAEFIK_HEADER_X_ROBOTS_TA#g" \
+ -e "s#__TRAEFIK_HEADER_REFERRER_POLICY#$TRAEFIK_HEADER_REFERRER_POLICY#g" \
+ -e "s#__TRAEFIK_HEADER_FRAME_DENY#$TRAEFIK_HEADER_FRAME_DENY#g" \
+ -e "s#TRAEFIK_HEADER_CONTENT_SECURITY_POLICY#$TRAEFIK_HEADER_CONTENT_SECURITY_POLICY#g" \
+ -e "s#__TRAEFIK_HEADER_PERMISSION_POLICY#$TRAEFIK_HEADER_PERMISSION_POLICY#g" \
+ -e "s#__TRAEFIK_CORS_ALLOW_ORIGIN#$TRAEFIK_HEADER_CORS_LIST#g"
 fi
 exec "$@"
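Review bot: Two of the added `-e` expressions do not match the names used elsewhere in this commit: `__TRAEFIK_HEADER_X_ROBOTS_TA` / `$TRAEFIK_HEADER_X_ROBOTS_TA` drop the final `G` of the variable the Dockerfile exports as `TRAEFIK_HEADER_X_ROBOTS_TAG`, and the Content-Security-Policy pattern lacks the `__` prefix the other placeholders use. As written the X-Robots-Tag expression expands an unset variable, and, assuming middlewares.yml uses `__`-prefixed placeholders (that file is not in this diff), the CSP value would be written with stray underscores in front of it, leaving both security headers misconfigured. Use `-e "s#__TRAEFIK_HEADER_X_ROBOTS_TAG#$TRAEFIK_HEADER_X_ROBOTS_TAG#g"` and `-e "s#__TRAEFIK_HEADER_CONTENT_SECURITY_POLICY#$TRAEFIK_HEADER_CONTENT_SECURITY_POLICY#g"`. The values are also interpolated unescaped, so a header value containing `#`, `&` or a backslash would change the sed expression; escaping those characters before substitution would make the generated configuration predictable. The enclosing `if` block starts above the hunk.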