fix: Traefik errors.
All checks were successful
Deploy to Staging / Build Images (push) Successful in 21s
Deploy to Staging / Deploy to Staging (push) Successful in 27s
Deploy to Staging / Verify Staging (push) Successful in 6s
Deploy to Staging / Notify Staging Ready (push) Successful in 6s
Deploy to Staging / Notify Staging Failure (push) Has been skipped
All checks were successful
Deploy to Staging / Build Images (push) Successful in 21s
Deploy to Staging / Deploy to Staging (push) Successful in 27s
Deploy to Staging / Verify Staging (push) Successful in 6s
Deploy to Staging / Notify Staging Ready (push) Successful in 6s
Deploy to Staging / Notify Staging Failure (push) Has been skipped
This commit is contained in:
Eric Gullickson
@@ -131,10 +131,6 @@ http:
|
|||||||
attempts: 3
|
attempts: 3
|
||||||
initialInterval: 100ms
|
initialInterval: 100ms
|
||||||
|
|
||||||
# Timeout middleware
|
|
||||||
timeout:
|
|
||||||
timeout: 30s
|
|
||||||
|
|
||||||
# Compress responses for performance
|
# Compress responses for performance
|
||||||
compression:
|
compression:
|
||||||
compress: {}
|
compress: {}
|
||||||
@@ -145,7 +141,6 @@ http:
|
|||||||
middlewares:
|
middlewares:
|
||||||
- compression
|
- compression
|
||||||
- secure-headers
|
- secure-headers
|
||||||
- timeout
|
|
||||||
|
|
||||||
# API middleware chain
|
# API middleware chain
|
||||||
api-chain:
|
api-chain:
|
||||||
@@ -157,7 +152,6 @@ http:
|
|||||||
- rate-limit
|
- rate-limit
|
||||||
- api-auth
|
- api-auth
|
||||||
- retry-policy
|
- retry-policy
|
||||||
- timeout
|
|
||||||
|
|
||||||
# Platform API middleware chain
|
# Platform API middleware chain
|
||||||
platform-chain:
|
platform-chain:
|
||||||
@@ -169,7 +163,6 @@ http:
|
|||||||
- platform-auth
|
- platform-auth
|
||||||
- circuit-breaker
|
- circuit-breaker
|
||||||
- retry-policy
|
- retry-policy
|
||||||
- timeout
|
|
||||||
|
|
||||||
# Public frontend middleware chain
|
# Public frontend middleware chain
|
||||||
frontend-chain:
|
frontend-chain:
|
||||||
@@ -177,4 +170,3 @@ http:
|
|||||||
middlewares:
|
middlewares:
|
||||||
- compression
|
- compression
|
||||||
- secure-headers
|
- secure-headers
|
||||||
- timeout
|
|
||||||
@@ -1,180 +0,0 @@
|
|||||||
http:
|
|
||||||
middlewares:
|
|
||||||
# Security headers middleware
|
|
||||||
secure-headers:
|
|
||||||
headers:
|
|
||||||
accessControlAllowMethods:
|
|
||||||
- GET
|
|
||||||
- OPTIONS
|
|
||||||
- PUT
|
|
||||||
- POST
|
|
||||||
- DELETE
|
|
||||||
accessControlAllowOriginList:
|
|
||||||
- "https://admin.motovaultpro.com"
|
|
||||||
- "https://motovaultpro.com"
|
|
||||||
accessControlMaxAge: 100
|
|
||||||
addVaryHeader: true
|
|
||||||
browserXssFilter: true
|
|
||||||
contentTypeNosniff: true
|
|
||||||
forceSTSHeader: true
|
|
||||||
frameDeny: true
|
|
||||||
stsIncludeSubdomains: true
|
|
||||||
stsPreload: true
|
|
||||||
stsSeconds: 31536000
|
|
||||||
customRequestHeaders:
|
|
||||||
X-Forwarded-Proto: https
|
|
||||||
|
|
||||||
# CORS middleware for API endpoints
|
|
||||||
cors:
|
|
||||||
headers:
|
|
||||||
accessControlAllowCredentials: true
|
|
||||||
accessControlAllowHeaders:
|
|
||||||
- "Authorization"
|
|
||||||
- "Content-Type"
|
|
||||||
- "X-Requested-With"
|
|
||||||
- "X-Tenant-ID"
|
|
||||||
accessControlAllowMethods:
|
|
||||||
- "GET"
|
|
||||||
- "POST"
|
|
||||||
- "PUT"
|
|
||||||
- "DELETE"
|
|
||||||
- "OPTIONS"
|
|
||||||
accessControlAllowOriginList:
|
|
||||||
- "https://admin.motovaultpro.com"
|
|
||||||
- "https://motovaultpro.com"
|
|
||||||
accessControlMaxAge: 100
|
|
||||||
|
|
||||||
# API authentication middleware
|
|
||||||
api-auth:
|
|
||||||
forwardAuth:
|
|
||||||
address: "http://admin-backend:3001/auth/verify"
|
|
||||||
authResponseHeaders:
|
|
||||||
- "X-Auth-User"
|
|
||||||
- "X-Auth-Roles"
|
|
||||||
- "X-Tenant-ID"
|
|
||||||
authRequestHeaders:
|
|
||||||
- "Authorization"
|
|
||||||
- "X-Tenant-ID"
|
|
||||||
trustForwardHeader: true
|
|
||||||
|
|
||||||
# Platform API authentication middleware
|
|
||||||
platform-auth:
|
|
||||||
forwardAuth:
|
|
||||||
address: "http://admin-backend:3001/auth/verify-platform"
|
|
||||||
authResponseHeaders:
|
|
||||||
- "X-Service-Name"
|
|
||||||
- "X-Auth-Scope"
|
|
||||||
authRequestHeaders:
|
|
||||||
- "X-API-Key"
|
|
||||||
- "Authorization"
|
|
||||||
trustForwardHeader: true
|
|
||||||
|
|
||||||
# Rate limiting middleware
|
|
||||||
rate-limit:
|
|
||||||
rateLimit:
|
|
||||||
burst: 100
|
|
||||||
average: 50
|
|
||||||
period: 1m
|
|
||||||
|
|
||||||
# Request/response size limits
|
|
||||||
size-limit:
|
|
||||||
buffering:
|
|
||||||
maxRequestBodyBytes: 26214400 # 25MB
|
|
||||||
maxResponseBodyBytes: 26214400 # 25MB
|
|
||||||
|
|
||||||
# IP whitelist for development (optional)
|
|
||||||
local-ips:
|
|
||||||
ipWhiteList:
|
|
||||||
sourceRange:
|
|
||||||
- "127.0.0.1/32"
|
|
||||||
- "10.0.0.0/8"
|
|
||||||
- "172.16.0.0/12"
|
|
||||||
- "192.168.0.0/16"
|
|
||||||
|
|
||||||
# Advanced security headers for production
|
|
||||||
security-headers-strict:
|
|
||||||
headers:
|
|
||||||
accessControlAllowCredentials: false
|
|
||||||
accessControlAllowMethods:
|
|
||||||
- GET
|
|
||||||
- POST
|
|
||||||
- OPTIONS
|
|
||||||
accessControlAllowOriginList:
|
|
||||||
- "https://admin.motovaultpro.com"
|
|
||||||
- "https://motovaultpro.com"
|
|
||||||
browserXssFilter: true
|
|
||||||
contentTypeNosniff: true
|
|
||||||
customRequestHeaders:
|
|
||||||
X-Forwarded-Proto: https
|
|
||||||
customResponseHeaders:
|
|
||||||
X-Frame-Options: DENY
|
|
||||||
X-Content-Type-Options: nosniff
|
|
||||||
Referrer-Policy: strict-origin-when-cross-origin
|
|
||||||
Permissions-Policy: "geolocation=(), microphone=(), camera=()"
|
|
||||||
forceSTSHeader: true
|
|
||||||
frameDeny: true
|
|
||||||
stsIncludeSubdomains: true
|
|
||||||
stsPreload: true
|
|
||||||
stsSeconds: 31536000
|
|
||||||
|
|
||||||
# Circuit breaker for reliability
|
|
||||||
circuit-breaker:
|
|
||||||
circuitBreaker:
|
|
||||||
expression: "NetworkErrorRatio() > 0.3 || ResponseCodeRatio(500, 600, 0, 600) > 0.3"
|
|
||||||
checkPeriod: 30s
|
|
||||||
fallbackDuration: 10s
|
|
||||||
recoveryDuration: 30s
|
|
||||||
|
|
||||||
# Request retry for resilience
|
|
||||||
retry-policy:
|
|
||||||
retry:
|
|
||||||
attempts: 3
|
|
||||||
initialInterval: 100ms
|
|
||||||
|
|
||||||
# Timeout middleware
|
|
||||||
timeout:
|
|
||||||
timeout: 30s
|
|
||||||
|
|
||||||
# Compress responses for performance
|
|
||||||
compression:
|
|
||||||
compress: {}
|
|
||||||
|
|
||||||
# Health check middleware chain
|
|
||||||
health-check-chain:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
- compression
|
|
||||||
- secure-headers
|
|
||||||
- timeout
|
|
||||||
|
|
||||||
# API middleware chain
|
|
||||||
api-chain:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
- compression
|
|
||||||
- security-headers-strict
|
|
||||||
- cors
|
|
||||||
- rate-limit
|
|
||||||
- api-auth
|
|
||||||
- retry-policy
|
|
||||||
- timeout
|
|
||||||
|
|
||||||
# Platform API middleware chain
|
|
||||||
platform-chain:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
- compression
|
|
||||||
- security-headers-strict
|
|
||||||
- rate-limit
|
|
||||||
- platform-auth
|
|
||||||
- circuit-breaker
|
|
||||||
- retry-policy
|
|
||||||
- timeout
|
|
||||||
|
|
||||||
# Public frontend middleware chain
|
|
||||||
frontend-chain:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
- compression
|
|
||||||
- secure-headers
|
|
||||||
- timeout
|
|
||||||
Reference in New Issue
Block a user