56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
http:
|
|
middlewares:
|
|
real-ip:
|
|
plugin:
|
|
traefik-warp:
|
|
logLevel: "INFO"
|
|
trustIp: [] # TraefikWarp auto-fetches Cloudflare ranges
|
|
|
|
geoblock:
|
|
plugin:
|
|
geoblock:
|
|
silentStartUp: false
|
|
allowLocalRequests: true
|
|
logLocalRequests: false
|
|
logAllowedRequests: false
|
|
logApiRequests: false
|
|
api: "https://get.geojs.io/v1/ip/country/{ip}"
|
|
apiTimeoutMs: 500
|
|
cacheSize: 25
|
|
forceMonthlyUpdate: true
|
|
allowUnknownCountries: false
|
|
unknownCountryApiResponse: "nil"
|
|
countries:
|
|
- "US"
|
|
- "DE"
|
|
|
|
crowdsec-bouncer:
|
|
plugin:
|
|
crowdsec-bouncer:
|
|
enabled: true
|
|
crowdsecMode: stream
|
|
crowdsecLapiKey: '{{ env "CROWDSEC_BOUNCER_API_KEY" }}'
|
|
crowdsecLapiHost: "crowdsec:8080"
|
|
crowdsecLapiScheme: "http"
|
|
crowdsecAppsecEnabled: true
|
|
crowdsecAppsecHost: "crowdsec:7422"
|
|
crowdsecAppsecFailureBlock: true
|
|
crowdsecAppsecUnreachableBlock: true
|
|
|
|
security-headers:
|
|
headers:
|
|
stsSeconds: 31536000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
forceSTSHeader: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
permissionsPolicy: "camera=(), microphone=(), geolocation=()"
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
|
|
rate-limit:
|
|
rateLimit:
|
|
average: 100 # requests per second sustained
|
|
burst: 50 # allowed spike above average
|
|
period: 1s |