From 450ddf69fcae8bc1cae7ab65a57e1ae288b8310b Mon Sep 17 00:00:00 2001
From: Patrick Jentsch <pjentsch@sfb1288inf-Laptop.fritz.box>
Date: Wed, 3 Jun 2020 11:18:15 +0200
Subject: [PATCH] Use more restrictive ssl settings

---
 docker-compose.yml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c1b4ea09..1ffdeab8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,24 +19,22 @@ services:
       - "traefik.docker.network=reverse-proxy"
       - "traefik.enable=true"
       ### <http> ###
-      - "traefik.http.middlewares.nopaque-headers.headers.customrequestheaders.X-Forwarded-Proto=http"
-      - "traefik.http.middlewares.nopaque-redirectscheme.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.nopaque-redirectscheme.redirectscheme.permanent=true"
+      - "traefik.http.middlewares.nopaque-header.headers.customrequestheaders.X-Forwarded-Proto=http"
       - "traefik.http.routers.nopaque.entrypoints=web"
-      - "traefik.http.routers.nopaque.middlewares=nopaque-headers, nopaque-redirectscheme"
+      - "traefik.http.routers.nopaque.middlewares=nopaque-header, redirect-to-https@file"
       - "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)"  # Change this to match your nopaque domain
       ### </http> ###
       ### <https> ###
-      - "traefik.http.middlewares.nopaque-secure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.nopaque-secure-header.headers.customrequestheaders.X-Forwarded-Proto=https"
       - "traefik.http.routers.nopaque-secure.entrypoints=web-secure"
-      - "traefik.http.routers.nopaque-secure.middlewares=nopaque-secure-headers"
+      - "traefik.http.routers.nopaque-secure.middlewares=hsts-header@file, nopaque-secure-header"
       - "traefik.http.routers.nopaque-secure.rule=Host(`nopaque.localhost`)"  # Change this to match your nopaque domain
-      - "traefik.http.routers.nopaque-secure.tls=true"
+      - "traefik.http.routers.nopaque-secure.tls.options=intermediate@file"
       ### </https> ###
       ### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
       # - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
-      # - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
-      # - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, nopaquesecure-headers"
+      # - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-header, redirect-to-https@file"
+      # - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, hsts-header@file, nopaquesecure-header"
       ### </basicauth> ###
     networks:
       - default