forked from mediaatrium/bext
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
38 lines (36 loc) · 2.25 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
version: '3.4'
services:
bext:
container_name: bext
restart: unless-stopped
build:
context: ./
command: yarn start
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.bext.rule=Host(`www.bext.com`)'
- 'traefik.http.routers.bext.entrypoints=https'
- 'traefik.http.routers.bext.tls.certresolver=httpresolver'
- 'traefik.http.routers.bext.middlewares=security-headers-bext'
- 'traefik.http.middlewares.security-headers-bext.headers.accesscontrolallowmethods=GET, OPTIONS, PUT, POST, DELETE, HEAD, PATCH'
- 'traefik.http.middlewares.security-headers-bext.headers.accesscontrolmaxage=100'
- 'traefik.http.middlewares.security-headers-bext.headers.addvaryheader=true'
- 'traefik.http.middlewares.security-headers-bext.headers.hostsproxyheaders=X-Forwarded-Host'
- 'traefik.http.middlewares.security-headers-bext.headers.sslredirect=true'
- 'traefik.http.middlewares.security-headers-bext.headers.sslproxyheaders.X-Forwarded-Proto=https'
- 'traefik.http.middlewares.security-headers-bext.headers.stsseconds=63072000'
- 'traefik.http.middlewares.security-headers-bext.headers.stsincludesubdomains=true'
- 'traefik.http.middlewares.security-headers-bext.headers.stspreload=true'
- 'traefik.http.middlewares.security-headers-bext.headers.forcestsheader=true'
- 'traefik.http.middlewares.security-headers-bext.headers.permissionspolicy=camera=(), accelerometer=(), battery=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=()'
- 'traefik.http.middlewares.security-headers-bext.headers.framedeny=true'
- "traefik.http.middlewares.security-headers-bext.headers.contentsecuritypolicy=default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' https://umami.mediaatrium.de/umami.js; style-src 'self' 'unsafe-inline'"
- 'traefik.http.middlewares.security-headers-bext.headers.contenttypenosniff=true'
- 'traefik.http.middlewares.security-headers-bext.headers.browserxssfilter=true'
- 'traefik.http.middlewares.security-headers-bext.headers.referrerpolicy=same-origin'
- 'traefik.docker.network=traefik_network'
networks:
- traefik_network
networks:
traefik_network:
external: true