ansible-roles/docker-services
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

add wikijs HSTS and CSP label

Browse Source
This commit is contained in:
jean-yves.fournier
2026-03-05 14:48:36 +01:00
parent 0e48519a55
commit f31583e234
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -103,6 +103,11 @@ Example variables
wikijs_db_password: 'please-vault-this-too'
wikijs_custom_css:
- custom.css
wikijs_custom_hsts_stsSeconds : "31536000"
wikijs_custom_hsts_stsIncludeSubdomains : true
wikijs_custom_hsts_stsPreload : true
wikijs_custom_hsts_forceSTSHeader : true
wikijs_custom_csp : "default-src 'self' 'unsafe-inline' data: https://www.test.com https://www.test2.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.test.com;"
pgadmin_domain: 'pgadmin.example.com'
pgadmin_email: 'admin@example.com'

24
templates/compose/wikijs.yml.j2
View File

@@ -38,6 +38,8 @@ services:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- wikijs_db__var_lib_mysql:/var/lib/mysql
ports:
- {{ wikijs_db_port | default("3306") }}:3306
environment:
- MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
- MYSQL_DATABASE=$DB_NAME
@@ -83,3 +85,25 @@ services:
traefik.http.routers.wikijs.tls.certresolver: letsencrypt
traefik.http.routers.wikijs.entrypoints: "websecure"
com.centurylinklabs.watchtower.enable: true
{% if wikijs_custom_hsts_stsSeconds is defined
and wikijs_custom_hsts_stsIncludeSubdomains is defined
and wikijs_custom_hsts_stsPreload is defined
and wikijs_custom_hsts_forceSTSHeader is defined %}
# HSTS
traefik.http.middlewares.mw-security-headers.headers.stsSeconds: "{{ wikijs_custom_hsts_stsSeconds }}"
traefik.http.middlewares.mw-security-headers.headers.stsIncludeSubdomains: "{{ wikijs_custom_hsts_stsIncludeSubdomains }}"
traefik.http.middlewares.mw-security-headers.headers.stsPreload: "{{ wikijs_custom_hsts_stsPreload }}"
traefik.http.middlewares.mw-security-headers.headers.forceSTSHeader: "{{ wikijs_custom_hsts_forceSTSHeader }}"
{% endif %}
{% if wikijs_custom_csp is defined %}
# CSP
traefik.http.middlewares.mw-security-headers.headers.contentSecurityPolicy: "{{ wikijs_custom_csp }}"
{% endif %}
{% if (wikijs_custom_hsts_stsSeconds is defined
and wikijs_custom_hsts_stsIncludeSubdomains is defined
and wikijs_custom_hsts_stsPreload is defined
and wikijs_custom_hsts_forceSTSHeader is defined)
or wikijs_custom_csp is defined %}
# application du middleware security-headers
traefik.http.routers.wikijs.middlewares: "mw-security-headers"
{% endif %}