gravcat · January 6, 2019 17:04 · gravcat · Jan 6, 2019
diff --git a/traefix-example.toml b/traefix-example.toml
 # Uncomment this line in order to enable debugging through logs
 # debug = true
 defaultEntryPoints = ["http", "https"]
 [entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    MinVersion = "VersionTLS12"
    CurvePreferences = [
      "CurveP521",
      "CurveP384",
      "CurveP256"
    ]
    PreferServerCipherSuites = true
    CipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
      "TLS_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_RSA_WITH_AES_256_CBC_SHA"
    ]
    FrameDeny = false # here we don't want to deny frames since we have an embed
    STSIncludeSubdomains = true
    STSSeconds = 315360000
    STSPreload = true
    ContentTypeNosniff = true
    BrowserXssFilter = true


 # Enable ACME (Let's Encrypt): automatic SSL.
 [acme]

 # Email address used for registration.
 #
 # Required
 #
 email = "[email protected]"

 # File or key used for certificates storage.
 #
 # Required
 #
 storage = "/etc/acme.json"
 # or `storage = "traefik/acme/account"` if using KV store.

 # Entrypoint to proxy acme apply certificates to.
 # WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
 #
 # Required
 #
 entryPoint = "https"

 # Domains list.
 #
 [[acme.domains]]
  main = "peertube.adrift.io"

 # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
 #
 # Optional but recommend
 #
 [acme.httpChallenge]

  # EntryPoint to use for the challenges.
  #
  # Required
  #
  entryPoint = "http"
	# Uncomment this line in order to enable debugging through logs
	# debug = true
	defaultEntryPoints = ["http", "https"]
	[entryPoints]
	[entryPoints.http]
	address = ":80"
	[entryPoints.https]
	address = ":443"
	[entryPoints.https.tls]
	MinVersion = "VersionTLS12"
	CurvePreferences = [
	"CurveP521",
	"CurveP384",
	"CurveP256"
	]
	PreferServerCipherSuites = true
	CipherSuites = [
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_RSA_WITH_AES_256_CBC_SHA"
	]
	FrameDeny = false # here we don't want to deny frames since we have an embed
	STSIncludeSubdomains = true
	STSSeconds = 315360000
	STSPreload = true
	ContentTypeNosniff = true
	BrowserXssFilter = true


	# Enable ACME (Let's Encrypt): automatic SSL.
	[acme]

	# Email address used for registration.
	#
	# Required
	#
	email = "[email protected]"

	# File or key used for certificates storage.
	#
	# Required
	#
	storage = "/etc/acme.json"
	# or `storage = "traefik/acme/account"` if using KV store.

	# Entrypoint to proxy acme apply certificates to.
	# WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443
	#
	# Required
	#
	entryPoint = "https"

	# Domains list.
	#
	[[acme.domains]]
	main = "peertube.adrift.io"

	# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
	#
	# Optional but recommend
	#
	[acme.httpChallenge]

	# EntryPoint to use for the challenges.
	#
	# Required
	#
	entryPoint = "http"