33 lines
1.5 KiB
YAML
33 lines
1.5 KiB
YAML
services:
|
|
supersam-app:
|
|
build:
|
|
context: /opt/supersam
|
|
dockerfile: Dockerfile
|
|
container_name: supersam-app
|
|
restart: unless-stopped
|
|
networks:
|
|
- coolify
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.supersam-app.rule=Host(`dost.supersamsev.ru`)
|
|
- traefik.http.routers.supersam-app.entryPoints=https
|
|
- traefik.http.routers.supersam-app.tls=true
|
|
- traefik.http.routers.supersam-app.tls.certresolver=letsencrypt
|
|
- traefik.http.routers.supersam-app.service=supersam-app
|
|
- traefik.http.services.supersam-app.loadbalancer.server.port=80
|
|
# Redirect HTTP to HTTPS
|
|
- traefik.http.routers.supersam-app-http.rule=Host(`dost.supersamsev.ru`)
|
|
- traefik.http.routers.supersam-app-http.entryPoints=http
|
|
- traefik.http.routers.supersam-app-http.middlewares=redirect-to-https
|
|
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
|
|
- traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
|
|
# Security headers via Traefik
|
|
- traefik.http.middlewares.supersam-sec.headers.customresponseheaders.X-Content-Type-Options=nosniff
|
|
- traefik.http.middlewares.supersam-sec.headers.customresponseheaders.X-Frame-Options=DENY
|
|
- traefik.http.middlewares.supersam-sec.headers.customresponseheaders.Referrer-Policy=strict-origin-when-cross-origin
|
|
- traefik.http.routers.supersam-app.middlewares=supersam-sec
|
|
|
|
networks:
|
|
coolify:
|
|
external: true
|