add default headers

This commit is contained in:
Lee 2024-09-22 03:11:11 +01:00
parent 15e90e0443
commit f4cfb51b8e
49 changed files with 162 additions and 0 deletions

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`aetheria-grafana.fascinated.cc`) - match: Host(`aetheria-grafana.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: aetheria-grafana-external - name: aetheria-grafana-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`aetheria-influx.fascinated.cc`) - match: Host(`aetheria-influx.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: aetheria-influx-external - name: aetheria-influx-external
port: 8086 port: 8086

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`analytics.fascinated.cc`) - match: Host(`analytics.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: analytics-external - name: analytics-external
port: 8000 port: 8000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`api.mcutils.xyz`) - match: Host(`api.mcutils.xyz`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mc-utils-api-external - name: mc-utils-api-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`azure-metrics.fascinated.cc`) - match: Host(`azure-metrics.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: azure-metrics-external - name: azure-metrics-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`azure-phpma.fascinated.cc`) - match: Host(`azure-phpma.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: azure-phpma-external - name: azure-phpma-external
port: 8080 port: 8080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`bitmagnet.local.fascinated.cc`) - match: Host(`bitmagnet.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: bitmagnet-local-external - name: bitmagnet-local-external
port: 3333 port: 3333

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`cdn.fascinated.cc`) - match: Host(`cdn.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: cdn-external - name: cdn-external
port: 8087 port: 8087

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`cloud.fascinated.cc`) - match: Host(`cloud.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: nextcloud-external - name: nextcloud-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`docs.fascinated.cc`) - match: Host(`docs.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: docs-external - name: docs-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`fascinated.cc`) - match: Host(`fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: main-site-external - name: main-site-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`git.fascinated.cc`) - match: Host(`git.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: git-external - name: git-external
port: 3003 port: 3003

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`glitchtip.fascinated.cc`) - match: Host(`glitchtip.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: sentry-external - name: sentry-external
port: 8000 port: 8000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`grafana.mcutils.xyz`) - match: Host(`grafana.mcutils.xyz`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mc-utils-grafana-external - name: mc-utils-grafana-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`img.fascinated.cc`) - match: Host(`img.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: img-proxy-external - name: img-proxy-external
port: 8080 port: 8080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`influx.mcutils.xyz`) - match: Host(`influx.mcutils.xyz`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mc-utils-influx-external - name: mc-utils-influx-external
port: 8086 port: 8086

@ -11,6 +11,9 @@ spec:
routes: routes:
- match: Host(`kubernetes-grafana.local.fascinated.cc`) - match: Host(`kubernetes-grafana.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: kube-prometheus-stack-grafana - name: kube-prometheus-stack-grafana
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`mastodon.fascinated.cc`) - match: Host(`mastodon.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mastodon-external - name: mastodon-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`mc-tracker.fascinated.cc`) - match: Host(`mc-tracker.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mc-tracker-external - name: mc-tracker-external
port: 3000 port: 3000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`mcutils.xyz`) - match: Host(`mcutils.xyz`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: mc-utils-external - name: mc-utils-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`node-hl-01.fascinated.cc`) - match: Host(`node-hl-01.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: node-hl-01-external - name: node-hl-01-external
port: 443 port: 443

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`obsidian-sync.fascinated.cc`) - match: Host(`obsidian-sync.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: obsidian-sync-external - name: obsidian-sync-external
port: 5984 port: 5984

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`overseerr.fascinated.cc`) - match: Host(`overseerr.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: overseerr-external - name: overseerr-external
port: 5055 port: 5055

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`owntracks-web.fascinated.cc`) - match: Host(`owntracks-web.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: owntracks-web-external - name: owntracks-web-external
port: 6969 port: 6969

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`owntracks.fascinated.cc`) - match: Host(`owntracks.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: owntracks-external - name: owntracks-external
port: 8083 port: 8083

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`panel.fascinated.cc`) - match: Host(`panel.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: panel-external - name: panel-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`paste-grafana.local.fascinated.cc`) - match: Host(`paste-grafana.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: paste-grafana-local-external - name: paste-grafana-local-external
port: 3035 port: 3035

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`plex.fascinated.cc`) - match: Host(`plex.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: plex-external - name: plex-external
port: 32400 port: 32400

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`proxmox.local.fascinated.cc`) - match: Host(`proxmox.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: proxmox-luna-local-external - name: proxmox-luna-local-external
port: 8006 port: 8006

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`repo.fascinated.cc`) - match: Host(`repo.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: repo-external - name: repo-external
port: 8080 port: 8080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`restic.fascinated.cc`) - match: Host(`restic.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: restic-backups-external - name: restic-backups-external
port: 8000 port: 8000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`s.fascinated.cc`) - match: Host(`s.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: slash-external - name: slash-external
port: 5231 port: 5231

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`sonarr-anime.local.fascinated.cc`) - match: Host(`sonarr-anime.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: sonarr-anime-local-external - name: sonarr-anime-local-external
port: 8988 port: 8988

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`sonarr.local.fascinated.cc`) - match: Host(`sonarr.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: sonarr-local-external - name: sonarr-local-external
port: 8989 port: 8989

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`ssr-staging.fascinated.cc`) - match: Host(`ssr-staging.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: ssr-staging-external - name: ssr-staging-external
port: 80 port: 80

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`status.fascinated.cc`) - match: Host(`status.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: status-external - name: status-external
port: 3001 port: 3001

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`subscriptions.fascinated.cc`) - match: Host(`subscriptions.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: subscriptions-external - name: subscriptions-external
port: 8282 port: 8282

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`tautulli.fascinated.cc`) - match: Host(`tautulli.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: tautulli-external - name: tautulli-external
port: 8181 port: 8181

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`tdarr.local.fascinated.cc`) - match: Host(`tdarr.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: tdarr-local-external - name: tdarr-local-external
port: 8265 port: 8265

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`teleport.fascinated.cc`) - match: Host(`teleport.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: teleport-external - name: teleport-external
port: 3080 port: 3080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`torrent.local.fascinated.cc`) - match: Host(`torrent.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: torrent-local-external - name: torrent-local-external
port: 8080 port: 8080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`translate.fascinated.cc`) - match: Host(`translate.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: translate-external - name: translate-external
port: 5000 port: 5000

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`tube.fascinated.cc`) - match: Host(`tube.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: tube-external - name: tube-external
port: 8209 port: 8209

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`vaultwarden.fascinated.cc`) - match: Host(`vaultwarden.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: vaultwarden-external - name: vaultwarden-external
port: 4743 port: 4743

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`vencloud.fascinated.cc`) - match: Host(`vencloud.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: vencloud-external - name: vencloud-external
port: 8080 port: 8080

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`wakatime.fascinated.cc`) - match: Host(`wakatime.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: wakatime-external - name: wakatime-external
port: 3355 port: 3355

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`wazuh.local.fascinated.cc`) - match: Host(`wazuh.local.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: wazuh-external - name: wazuh-external
port: 443 port: 443

@ -23,6 +23,9 @@ spec:
routes: routes:
- match: Host(`wiki.fascinated.cc`) - match: Host(`wiki.fascinated.cc`)
kind: Rule kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services: services:
- name: wiki-external - name: wiki-external
port: 80 port: 80

@ -0,0 +1,18 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: traefik
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
referrerPolicy: no-referrer
contentSecurityPolicy: "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https