# Uncomment this line in order to enable debugging through logs # debug = true defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] MinVersion = "VersionTLS12" CurvePreferences = [ "CurveP521", "CurveP384", "CurveP256" ] PreferServerCipherSuites = true CipherSuites = [ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA" ] FrameDeny = false # here we don't want to deny frames since we have an embed STSIncludeSubdomains = true STSSeconds = 315360000 STSPreload = true ContentTypeNosniff = true BrowserXssFilter = true # Enable ACME (Let's Encrypt): automatic SSL. [acme] # Email address used for registration. # # Required # email = "me@nutomic.com" # File or key used for certificates storage. # # Required # storage = "/etc/acme.json" # or `storage = "traefik/acme/account"` if using KV store. # Entrypoint to proxy acme apply certificates to. # WARNING, if the TLS-SNI-01 challenge is used, it must point to an entrypoint on port 443 # # Required # entryPoint = "https" # Domains list. # [[acme.domains]] main = "{{ domain }}" # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge # # Optional but recommend # [acme.httpChallenge] # EntryPoint to use for the challenges. # # Required # entryPoint = "http"