Add websecure entrypoint to services + fix some middlewares issues

2023-02-06 12:32:05 +01:00 · 2023-02-06 12:32:05 +01:00 · 5df1851afd
commit 5df1851afd
parent ba72e0d277
12 changed files with 16 additions and 4 deletions
--- a/apaches/docker-compose.yml
+++ b/apaches/docker-compose.yml
@ -16,6 +16,7 @@ services:
        - ${DATA_PATH}:/var/www/
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gnousweb.entrypoints=websecure"
        - "traefik.http.routers.gnousweb.rule=Host(`${CN}`, `${SAN1}`)"
 #        - "traefik.http.routers.gnousweb.rule=Host(`${CN}`, `${SAN1}`, `${TRAVAUXCN}`)"
        - "traefik.http.middlewares.gnousweb-force-cn.redirectregex.regex=^https://${SAN1}/(.*)"
--- a/apaches/maintenance/docker-compose.yml
+++ b/apaches/maintenance/docker-compose.yml
@ -16,6 +16,7 @@ services:
        - ${DATA_PATH}/public-html:/var/www/html/
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.maintenance.entrypoints=websecure"
        - "traefik.http.routers.maintenance.rule=HostRegexp(`{catchall:.*}`)"
        - "traefik.http.routers.maintenance.priority=1"
        - "co.elastic.logs/module=apache"
--- a/apaches/testing/docker-compose.yml
+++ b/apaches/testing/docker-compose.yml
@ -16,6 +16,7 @@ services:
        - ${DATA_PATH}:/var/www/
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gnouswebtest.entrypoints=websecure"
        - "traefik.http.routers.gnouswebtest.rule=Host(`${CN}`, `${SAN1}`)"
        - "traefik.http.routers.gnouswebtest.middlewares=gnouswebtest-redirectregex"
        - "traefik.http.middlewares.gnouswebtest-redirectregex.redirectregex.regex=^https://${SAN1}/(.*)"
--- a/elastic/docker-compose.yml
+++ b/elastic/docker-compose.yml
@ -38,6 +38,7 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.kb.entrypoints=websecure"
      - "traefik.http.routers.kb.rule=Host(`${CN}`)"
      - "co.elastic.logs/module=kibana"
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@ -29,6 +29,7 @@ services:
      - "traefik.docker.network=proxy"
      - "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"
      - "traefik.http.routers.gitea.service=gitea-svc"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.rule=Host(`${CN}`)"
  db:
--- a/gitlab/docker-compose.yml
+++ b/gitlab/docker-compose.yml
@ -23,6 +23,7 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.service=app"
      - "traefik.http.services.app.loadbalancer.server.port=80"
      - "traefik.http.routers.gitlab.entrypoints=websecure"
      - "traefik.http.routers.gitlab.rule=Host(`${CN}`)"
 networks:
--- a/matrix/docker-compose.yml
+++ b/matrix/docker-compose.yml
@ -29,6 +29,7 @@ services:
      - "traefik.docker.network=proxy"
      - "traefik.http.services.synapse-svc.loadbalancer.server.port=8008"
      - "traefik.http.routers.synapse.service=synapse-svc"
      - "traefik.http.routers.synapse.entrypoints=websecure"
      - "traefik.http.routers.synapse.rule=Host(`${SYNAPSE_CN}`)"
  db:
--- a/mattermost/docker-compose.yml
+++ b/mattermost/docker-compose.yml
@ -32,6 +32,7 @@ services:
      - "traefik.docker.network=proxy"
      - "traefik.http.services.mm-svc.loadbalancer.server.port=8000"
      - "traefik.http.routers.mm.service=mm-svc"
      - "traefik.http.routers.mm.entrypoints=websecure"
      - "traefik.http.routers.mm.rule=Host(`${CN}`)"
 networks:
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@ -11,9 +11,10 @@ services:
      - JWT_ENABLED=true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.documentserver.entrypoints=websecure"
      - "traefik.http.routers.documentserver.rule=Host(`${OOCN}`)"
      - "traefik.http.middlewares.ds-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.documentserver.middlewares=ds-header"
+      - "traefik.http.routers.documentserver.middlewares=ds-header,allowFrameAndCORS@file"
  redis:
    image: redis:6.2.1
@ -56,13 +57,13 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.nc.entrypoints=websecure"
      - "traefik.http.routers.nc.rule=Host(`${NCCN}`,`${SAN1}`)"
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/"
      - "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true"
-      - "traefik.http.routers.nc.middlewares=nc-redirectregex"
+      - "traefik.http.routers.nc.middlewares=nc-redirectregex,nc-sts"
-      - "traefik.http.routers.nc.middlewares=nc-Header"
+      - "traefik.http.middlewares.nc-sts.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nc-Header.headers.stsSeconds=15552000"
      - "co.elastic.logs/module=apache"
      - "co.elastic.logs/fileset=access"
--- a/nginxs/docs/docker-compose.yml
+++ b/nginxs/docs/docker-compose.yml
@ -15,6 +15,7 @@ services:
      - /etc/timezone:/etc/timezone:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.docs.entrypoints=websecure"
      - "traefik.http.routers.docs.rule=Host(`${CN}`)"
      - "co.elastic.logs/module=nginx"
--- a/roundcube/docker-compose.yml
+++ b/roundcube/docker-compose.yml
@ -24,6 +24,7 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.rc.entrypoints=websecure"
      - "traefik.http.routers.rc.rule=Host(`${CN}`)"
      - "co.elastic.logs/module=apache"
      - "co.elastic.logs/fileset=access"
--- a/wordpress-valpo/docker-compose.yml
+++ b/wordpress-valpo/docker-compose.yml
@ -26,6 +26,7 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.wp-valpo.entrypoints=websecure"
      - "traefik.http.routers.wp-valpo.rule=Host(`${CN}`)"
 networks: