diff --git a/apps/airsonic.yml b/apps/airsonic.yml index e6f56ae..a5b5704 100644 --- a/apps/airsonic.yml +++ b/apps/airsonic.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/alltube.yml b/apps/alltube.yml index be82b40..e00c917 100644 --- a/apps/alltube.yml +++ b/apps/alltube.yml @@ -40,6 +40,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/avidemux.yml b/apps/avidemux.yml index 542fb40..b39e487 100644 --- a/apps/avidemux.yml +++ b/apps/avidemux.yml @@ -49,6 +49,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/bazarr.yml b/apps/bazarr.yml index 3aded00..5cc3c69 100644 --- a/apps/bazarr.yml +++ b/apps/bazarr.yml @@ -29,6 +29,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/beets.yml b/apps/beets.yml index 5daf87e..40f7864 100644 --- a/apps/beets.yml +++ b/apps/beets.yml @@ -36,6 +36,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/booksonic.yml b/apps/booksonic.yml index ead0354..2c55405 100644 --- a/apps/booksonic.yml +++ b/apps/booksonic.yml @@ -31,6 +31,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/cadvisor.yml b/apps/cadvisor.yml index 1f7c1f2..f6f8a07 100644 --- a/apps/cadvisor.yml +++ b/apps/cadvisor.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/calibre-web.yml b/apps/calibre-web.yml index b2e93ac..778530d 100644 --- a/apps/calibre-web.yml +++ b/apps/calibre-web.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/cloudcmd.yml b/apps/cloudcmd.yml index 799a4f8..a5eef6e 100644 --- a/apps/cloudcmd.yml +++ b/apps/cloudcmd.yml @@ -29,6 +29,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/deezloaderremix.yml b/apps/deezloaderremix.yml index 2f42884..4f2d261 100644 --- a/apps/deezloaderremix.yml +++ b/apps/deezloaderremix.yml @@ -29,6 +29,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/deluge-vpn.yml b/apps/deluge-vpn.yml index 9872189..5ef3945 100644 --- a/apps/deluge-vpn.yml +++ b/apps/deluge-vpn.yml @@ -43,6 +43,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/deluge.yml b/apps/deluge.yml index c24f3c2..1733359 100644 --- a/apps/deluge.yml +++ b/apps/deluge.yml @@ -44,6 +44,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/domoticz.yml b/apps/domoticz.yml index dc35552..51b7c85 100644 --- a/apps/domoticz.yml +++ b/apps/domoticz.yml @@ -33,6 +33,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/dozzle.yml b/apps/dozzle.yml index f7f87a9..32021ed 100644 --- a/apps/dozzle.yml +++ b/apps/dozzle.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/duplicati.yml b/apps/duplicati.yml index d14c2fd..70dd8ce 100644 --- a/apps/duplicati.yml +++ b/apps/duplicati.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/embystats.yml b/apps/embystats.yml index 0279a9d..2e62984 100644 --- a/apps/embystats.yml +++ b/apps/embystats.yml @@ -33,6 +33,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/filebot.yml b/apps/filebot.yml index d1d1be9..eb0a94b 100644 --- a/apps/filebot.yml +++ b/apps/filebot.yml @@ -31,6 +31,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/filezilla.yml b/apps/filezilla.yml index 786ffa5..a653137 100644 --- a/apps/filezilla.yml +++ b/apps/filezilla.yml @@ -41,6 +41,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/firefox.yml b/apps/firefox.yml index 7bdd457..281016a 100644 --- a/apps/firefox.yml +++ b/apps/firefox.yml @@ -58,6 +58,16 @@ traefik.frontend.headers.contentTypeNosniff: 'true' traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' #traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' diff --git a/apps/flexget.yml b/apps/flexget.yml index 7b375a6..ca38750 100644 --- a/apps/flexget.yml +++ b/apps/flexget.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/flextv.yml b/apps/flextv.yml index ff17e72..dc45746 100644 --- a/apps/flextv.yml +++ b/apps/flextv.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/gazee.yml b/apps/gazee.yml index ebc880f..78981f1 100644 --- a/apps/gazee.yml +++ b/apps/gazee.yml @@ -33,6 +33,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/gitea.yml b/apps/gitea.yml index 7435a56..d46b612 100644 --- a/apps/gitea.yml +++ b/apps/gitea.yml @@ -32,6 +32,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/handbrake.yml b/apps/handbrake.yml index 5a4f43c..c58fc8e 100644 --- a/apps/handbrake.yml +++ b/apps/handbrake.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/headphones.yml b/apps/headphones.yml index 53312f0..ac803c4 100644 --- a/apps/headphones.yml +++ b/apps/headphones.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/htpcmanager.yml b/apps/htpcmanager.yml index 207bcc0..cb068df 100644 --- a/apps/htpcmanager.yml +++ b/apps/htpcmanager.yml @@ -29,6 +29,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/jd2-openvpn.yml b/apps/jd2-openvpn.yml index 26cf971..3141ba2 100644 --- a/apps/jd2-openvpn.yml +++ b/apps/jd2-openvpn.yml @@ -45,6 +45,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/jdownloader2.yml b/apps/jdownloader2.yml index 73cc145..b50a870 100644 --- a/apps/jdownloader2.yml +++ b/apps/jdownloader2.yml @@ -45,6 +45,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/kitana.yml b/apps/kitana.yml index 1591b0c..fd5eeab 100644 --- a/apps/kitana.yml +++ b/apps/kitana.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/logarr.yml b/apps/logarr.yml index 9e59173..efb72c6 100644 --- a/apps/logarr.yml +++ b/apps/logarr.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/makemkv.yml b/apps/makemkv.yml index 608fe86..06e0cdf 100644 --- a/apps/makemkv.yml +++ b/apps/makemkv.yml @@ -32,6 +32,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mariadb.yml b/apps/mariadb.yml index 78b11db..7b76cf4 100644 --- a/apps/mariadb.yml +++ b/apps/mariadb.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mediainfo.yml b/apps/mediainfo.yml index 66fd6df..c7718d6 100644 --- a/apps/mediainfo.yml +++ b/apps/mediainfo.yml @@ -31,6 +31,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/medusa.yml b/apps/medusa.yml index ed41edc..a585c7b 100644 --- a/apps/medusa.yml +++ b/apps/medusa.yml @@ -33,6 +33,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mellow.yml b/apps/mellow.yml index 8460dad..159e34c 100644 --- a/apps/mellow.yml +++ b/apps/mellow.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mkvtoolnix.yml b/apps/mkvtoolnix.yml index aa5607a..6d91666 100644 --- a/apps/mkvtoolnix.yml +++ b/apps/mkvtoolnix.yml @@ -42,6 +42,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting default Volumes' set_fact: diff --git a/apps/monitorr.yml b/apps/monitorr.yml index 7c6cbe2..fa6994d 100644 --- a/apps/monitorr.yml +++ b/apps/monitorr.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/muximux.yml b/apps/muximux.yml index fce2d5f..57c42d7 100644 --- a/apps/muximux.yml +++ b/apps/muximux.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/mylar.yml b/apps/mylar.yml index 1f737bf..d46814a 100644 --- a/apps/mylar.yml +++ b/apps/mylar.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/nowshowing.yml b/apps/nowshowing.yml index 9303c25..6bac516 100644 --- a/apps/nowshowing.yml +++ b/apps/nowshowing.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/nzbget-mp4.yml b/apps/nzbget-mp4.yml index ed9ae9e..c800e8f 100644 --- a/apps/nzbget-mp4.yml +++ b/apps/nzbget-mp4.yml @@ -132,6 +132,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' traefik.frontend.auth.forward.address: '{{gauth}}' - name: 'Setting PG Volumes' diff --git a/apps/ombi4k.yml b/apps/ombi4k.yml index fcfd8f1..0b95788 100644 --- a/apps/ombi4k.yml +++ b/apps/ombi4k.yml @@ -46,6 +46,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/ombiHDR.yml b/apps/ombiHDR.yml index 61d0a23..77bee67 100644 --- a/apps/ombiHDR.yml +++ b/apps/ombiHDR.yml @@ -46,6 +46,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/pyload.yml b/apps/pyload.yml index ee21ab0..bac4e96 100644 --- a/apps/pyload.yml +++ b/apps/pyload.yml @@ -32,6 +32,16 @@ traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/qbittorrent-vpn.yml b/apps/qbittorrent-vpn.yml index 75d9c18..a53fd2b 100644 --- a/apps/qbittorrent-vpn.yml +++ b/apps/qbittorrent-vpn.yml @@ -46,6 +46,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/radarr4k.yml b/apps/radarr4k.yml index 4437ba2..ede857d 100644 --- a/apps/radarr4k.yml +++ b/apps/radarr4k.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/radarrhdr.yml b/apps/radarrhdr.yml index b9674b2..68cc1c6 100644 --- a/apps/radarrhdr.yml +++ b/apps/radarrhdr.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/rclonebrowser.yml b/apps/rclonebrowser.yml index bdaa6bc..76910c0 100644 --- a/apps/rclonebrowser.yml +++ b/apps/rclonebrowser.yml @@ -31,6 +31,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/rdp-calibre.yml b/apps/rdp-calibre.yml index 5520dc8..c50d121 100644 --- a/apps/rdp-calibre.yml +++ b/apps/rdp-calibre.yml @@ -31,6 +31,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/resilio.yml b/apps/resilio.yml index 9af7405..02903b9 100644 --- a/apps/resilio.yml +++ b/apps/resilio.yml @@ -48,6 +48,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/rflood-vpn.yml b/apps/rflood-vpn.yml index 7ee0c0d..69555b3 100644 --- a/apps/rflood-vpn.yml +++ b/apps/rflood-vpn.yml @@ -41,6 +41,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/rutorrent-vpn.yml b/apps/rutorrent-vpn.yml index efc5406..dc18af6 100644 --- a/apps/rutorrent-vpn.yml +++ b/apps/rutorrent-vpn.yml @@ -41,6 +41,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/sharesite.yml b/apps/sharesite.yml index d095f07..28cf5b2 100644 --- a/apps/sharesite.yml +++ b/apps/sharesite.yml @@ -41,6 +41,16 @@ traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/shoko.yml b/apps/shoko.yml index 0a38b9a..6ba67e0 100644 --- a/apps/shoko.yml +++ b/apps/shoko.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/sonarr4k.yml b/apps/sonarr4k.yml index f3aa995..83f7b09 100644 --- a/apps/sonarr4k.yml +++ b/apps/sonarr4k.yml @@ -30,6 +30,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/sonarrhdr.yml b/apps/sonarrhdr.yml index 22699eb..47dd683 100644 --- a/apps/sonarrhdr.yml +++ b/apps/sonarrhdr.yml @@ -30,6 +30,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/speedtest.yml b/apps/speedtest.yml index 1c29241..74a60ed 100644 --- a/apps/speedtest.yml +++ b/apps/speedtest.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/subsonic.yml b/apps/subsonic.yml index 8b07e92..cd470df 100644 --- a/apps/subsonic.yml +++ b/apps/subsonic.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/syncthing.yml b/apps/syncthing.yml index cff6db7..d686cb4 100644 --- a/apps/syncthing.yml +++ b/apps/syncthing.yml @@ -41,6 +41,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/teamspeak3.yml b/apps/teamspeak3.yml index cf1b51e..6dc131b 100644 --- a/apps/teamspeak3.yml +++ b/apps/teamspeak3.yml @@ -42,6 +42,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' # VOLUMES ######### - name: 'Setting PG Volumes' diff --git a/apps/templates/broken/kodi-headless.yml b/apps/templates/broken/kodi-headless.yml index ff51a2e..4756453 100644 --- a/apps/templates/broken/kodi-headless.yml +++ b/apps/templates/broken/kodi-headless.yml @@ -33,6 +33,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/templates/broken/nzbthrottle.yml b/apps/templates/broken/nzbthrottle.yml index 264c02b..1b40429 100644 --- a/apps/templates/broken/nzbthrottle.yml +++ b/apps/templates/broken/nzbthrottle.yml @@ -35,6 +35,16 @@ traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/thelounge.yml b/apps/thelounge.yml index 1fbefb0..caf9807 100644 --- a/apps/thelounge.yml +++ b/apps/thelounge.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/traktor.yml b/apps/traktor.yml index 56e0d67..7e0a0a4 100644 --- a/apps/traktor.yml +++ b/apps/traktor.yml @@ -30,6 +30,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/transmission-vpn.yml b/apps/transmission-vpn.yml index fc099d2..da6f265 100644 --- a/apps/transmission-vpn.yml +++ b/apps/transmission-vpn.yml @@ -43,6 +43,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/ubooquity.yml b/apps/ubooquity.yml index fea2b84..f5fe701 100644 --- a/apps/ubooquity.yml +++ b/apps/ubooquity.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/varken.yml b/apps/varken.yml index 2011338..e0f5a4e 100644 --- a/apps/varken.yml +++ b/apps/varken.yml @@ -33,6 +33,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/vnc-xfce.yml b/apps/vnc-xfce.yml index a941942..d697728 100644 --- a/apps/vnc-xfce.yml +++ b/apps/vnc-xfce.yml @@ -29,6 +29,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/xteve.yml b/apps/xteve.yml index e222fe8..5a70016 100644 --- a/apps/xteve.yml +++ b/apps/xteve.yml @@ -31,6 +31,16 @@ traefik.port: '{{intport}}' traefik.frontend.auth.forward.address: '{{gauth}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: diff --git a/apps/zammad.yml b/apps/zammad.yml index 79c6666..f89ec24 100644 --- a/apps/zammad.yml +++ b/apps/zammad.yml @@ -33,6 +33,16 @@ traefik.enable: 'true' traefik.port: '{{intport}}' traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}' + traefik.frontend.headers.SSLHost: '{{domain.stdout}}' + traefik.frontend.headers.SSLRedirect: 'true' + traefik.frontend.headers.STSIncludeSubdomains: 'true' + traefik.frontend.headers.STSPreload: 'true' + traefik.frontend.headers.STSSeconds: '315360000' + traefik.frontend.headers.browserXSSFilter: 'true' + traefik.frontend.headers.contentTypeNosniff: 'true' + traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex' + traefik.frontend.headers.forceSTSHeader: 'true' + traefik.frontend.headers.frameDeny: 'true' - name: 'Setting PG Volumes' set_fact: