add wikijs HSTS and CSP label

templates/compose/wikijs.yml.j2

@@ -38,6 +38,8 @@ services:
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     volumes:
       - wikijs_db__var_lib_mysql:/var/lib/mysql
+    ports:
+      - {{ wikijs_db_port | default("3306") }}:3306
     environment:
       - MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
       - MYSQL_DATABASE=$DB_NAME
@@ -83,3 +85,25 @@ services:
       traefik.http.routers.wikijs.tls.certresolver: letsencrypt
       traefik.http.routers.wikijs.entrypoints: "websecure"
       com.centurylinklabs.watchtower.enable: true
+{% if wikijs_custom_hsts_stsSeconds is defined
+   and wikijs_custom_hsts_stsIncludeSubdomains is defined
+   and wikijs_custom_hsts_stsPreload is defined
+   and wikijs_custom_hsts_forceSTSHeader is defined %}
+      # HSTS
+      traefik.http.middlewares.mw-security-headers.headers.stsSeconds: "{{ wikijs_custom_hsts_stsSeconds }}"
+      traefik.http.middlewares.mw-security-headers.headers.stsIncludeSubdomains: "{{ wikijs_custom_hsts_stsIncludeSubdomains }}"
+      traefik.http.middlewares.mw-security-headers.headers.stsPreload: "{{ wikijs_custom_hsts_stsPreload }}"
+      traefik.http.middlewares.mw-security-headers.headers.forceSTSHeader: "{{ wikijs_custom_hsts_forceSTSHeader }}"
+{% endif %}
+{% if wikijs_custom_csp is defined %}
+      # CSP
+      traefik.http.middlewares.mw-security-headers.headers.contentSecurityPolicy: "{{ wikijs_custom_csp }}"
+{% endif %}
+{% if (wikijs_custom_hsts_stsSeconds is defined
+   and wikijs_custom_hsts_stsIncludeSubdomains is defined
+   and wikijs_custom_hsts_stsPreload is defined
+   and wikijs_custom_hsts_forceSTSHeader is defined)
+   or wikijs_custom_csp is defined %}
+      # application du middleware security-headers
+      traefik.http.routers.wikijs.middlewares: "mw-security-headers"
+{% endif %}