add wikijs HSTS and CSP label
@@ -103,6 +103,11 @@ Example variables
|
|||||||
wikijs_db_password: 'please-vault-this-too'
|
wikijs_db_password: 'please-vault-this-too'
|
||||||
wikijs_custom_css:
|
wikijs_custom_css:
|
||||||
- custom.css
|
- custom.css
|
||||||
|
wikijs_custom_hsts_stsSeconds : "31536000"
|
||||||
|
wikijs_custom_hsts_stsIncludeSubdomains : true
|
||||||
|
wikijs_custom_hsts_stsPreload : true
|
||||||
|
wikijs_custom_hsts_forceSTSHeader : true
|
||||||
|
wikijs_custom_csp : "default-src 'self' 'unsafe-inline' data: https://www.test.com https://www.test2.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.test.com;"
|
||||||
|
|
||||||
pgadmin_domain: 'pgadmin.example.com'
|
pgadmin_domain: 'pgadmin.example.com'
|
||||||
pgadmin_email: 'admin@example.com'
|
pgadmin_email: 'admin@example.com'
|
||||||
|
|||||||
@@ -38,6 +38,8 @@ services:
|
|||||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||||
volumes:
|
volumes:
|
||||||
- wikijs_db__var_lib_mysql:/var/lib/mysql
|
- wikijs_db__var_lib_mysql:/var/lib/mysql
|
||||||
|
ports:
|
||||||
|
- {{ wikijs_db_port | default("3306") }}:3306
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
|
- MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
|
||||||
- MYSQL_DATABASE=$DB_NAME
|
- MYSQL_DATABASE=$DB_NAME
|
||||||
@@ -83,3 +85,25 @@ services:
|
|||||||
traefik.http.routers.wikijs.tls.certresolver: letsencrypt
|
traefik.http.routers.wikijs.tls.certresolver: letsencrypt
|
||||||
traefik.http.routers.wikijs.entrypoints: "websecure"
|
traefik.http.routers.wikijs.entrypoints: "websecure"
|
||||||
com.centurylinklabs.watchtower.enable: true
|
com.centurylinklabs.watchtower.enable: true
|
||||||
|
{% if wikijs_custom_hsts_stsSeconds is defined
|
||||||
|
and wikijs_custom_hsts_stsIncludeSubdomains is defined
|
||||||
|
and wikijs_custom_hsts_stsPreload is defined
|
||||||
|
and wikijs_custom_hsts_forceSTSHeader is defined %}
|
||||||
|
# HSTS
|
||||||
|
traefik.http.middlewares.mw-security-headers.headers.stsSeconds: "{{ wikijs_custom_hsts_stsSeconds }}"
|
||||||
|
traefik.http.middlewares.mw-security-headers.headers.stsIncludeSubdomains: "{{ wikijs_custom_hsts_stsIncludeSubdomains }}"
|
||||||
|
traefik.http.middlewares.mw-security-headers.headers.stsPreload: "{{ wikijs_custom_hsts_stsPreload }}"
|
||||||
|
traefik.http.middlewares.mw-security-headers.headers.forceSTSHeader: "{{ wikijs_custom_hsts_forceSTSHeader }}"
|
||||||
|
{% endif %}
|
||||||
|
{% if wikijs_custom_csp is defined %}
|
||||||
|
# CSP
|
||||||
|
traefik.http.middlewares.mw-security-headers.headers.contentSecurityPolicy: "{{ wikijs_custom_csp }}"
|
||||||
|
{% endif %}
|
||||||
|
{% if (wikijs_custom_hsts_stsSeconds is defined
|
||||||
|
and wikijs_custom_hsts_stsIncludeSubdomains is defined
|
||||||
|
and wikijs_custom_hsts_stsPreload is defined
|
||||||
|
and wikijs_custom_hsts_forceSTSHeader is defined)
|
||||||
|
or wikijs_custom_csp is defined %}
|
||||||
|
# application du middleware security-headers
|
||||||
|
traefik.http.routers.wikijs.middlewares: "mw-security-headers"
|
||||||
|
{% endif %}
|
||||||
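Review bot: The added `ports:` entry on the database service (second hunk, under `volumes:`) publishes MySQL on every host interface by default via `{{ wikijs_db_port | default("3306") }}:3306`, with no condition around it, and the commit title only mentions HSTS and CSP labels. Containers on the same compose network normally reach the database by service name without a published port, so if host access is really needed I would bind it to loopback and quote the mapping, `- "127.0.0.1:{{ wikijs_db_port | default('3306') }}:3306"`, or wrap the two lines in `{% if wikijs_db_port is defined %}` so nothing is published unless requested. Docker usually installs its own packet-filter rules for published ports, so a host firewall may not cover this listener and the database would be protected only by `MYSQL_ROOT_PASSWORD` and the application credentials. The service definition starts above the hunk, so its network settings are not visible here and should be checked before deciding.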