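# ==============================================================================
# TRAEFIK MIDDLEWARES
# ==============================================================================
# Reusable middlewares for all services (Traefik dynamic configuration).
# Routers opt in by referencing a middleware or one of the chains at the
# bottom of this file; a middleware has no effect until a router references it.
# ==============================================================================

http:
  middlewares:
    # ==========================================================================
    # RATE LIMITING
    # ==========================================================================
    # Neither limiter sets sourceCriterion, so Traefik falls back to its default
    # client key (the request's remote address).
    # NOTE(review): if Traefik sits behind another proxy, load balancer or CDN,
    # all clients may share a single bucket. Confirm the topology and set
    # sourceCriterion.ipStrategy explicitly if that is the case.
    rate-limit:
      rateLimit:
        average: 100
        burst: 50
        period: 1s

    rate-limit-strict:
      rateLimit:
        average: 10
        burst: 20
        period: 1s

    # ==========================================================================
    # CORS
    # ==========================================================================
    # cors-all: any origin, any request header, no credentials.
    # Suitable only for endpoints that are public and do not rely on cookies or
    # other ambient authority. Do not add accessControlAllowCredentials here:
    # wildcard origins and credentialed requests must never be combined.
    cors-all:
      headers:
        accessControlAllowMethods:
          - GET
          - POST
          - PUT
          - PATCH
          - DELETE
          - OPTIONS
        accessControlAllowOriginList:
          - "*"
        accessControlAllowHeaders:
          - "*"
        accessControlMaxAge: 100
        addVaryHeader: true

    # cors-restricted: credentialed CORS for origins matching the regexes below.
    # NOTE(review): both patterns accept plain http:// origins and any
    # subdomain. With accessControlAllowCredentials enabled, every matching
    # origin can make authenticated cross-origin requests, so a single
    # compromised or non-TLS subdomain is enough to act as the user. For
    # production, prefer https-only patterns and an explicit host list.
    # The patterns end in "$" directly after the hostname, so origins that
    # carry an explicit port do not match.
    cors-restricted:
      headers:
        accessControlAllowMethods:
          - GET
          - POST
          - PUT
          - DELETE
          - OPTIONS
        accessControlAllowOriginListRegex:
          - "^https?://.*\\.localhost$"
          - "^https?://.*\\.example\\.com$"
        accessControlAllowHeaders:
          - Authorization
          - Content-Type
          - X-Requested-With
        accessControlAllowCredentials: true
        # The allowed origin is reflected per request, so responses differ by
        # Origin. Vary: Origin keeps shared caches from serving a response
        # that was generated for a different origin.
        addVaryHeader: true

    # ==========================================================================
    # SECURITY HEADERS
    # ==========================================================================
    # Baseline set: no HSTS and no Content-Security-Policy.
    # browserXssFilter emits the legacy X-XSS-Protection header, which current
    # browsers ignore; it does not replace a CSP (see contentSecurityPolicy).
    security-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        referrerPolicy: "strict-origin-when-cross-origin"
        customResponseHeaders:
          X-Robots-Tag: "noindex,nofollow"

    # Strict set: baseline plus HSTS for one year (31536000 s).
    # NOTE(review): stsIncludeSubdomains together with stsPreload commits every
    # subdomain to HTTPS, and removal from browser preload lists is slow.
    # Confirm that all subdomains serve valid TLS before relying on this.
    security-headers-strict:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true
        referrerPolicy: "strict-origin-when-cross-origin"

    # ==========================================================================
    # COMPRESSION
    # ==========================================================================
    compress:
      compress: {}

    # ==========================================================================
    # RETRY
    # ==========================================================================
    # Up to 3 attempts, with the first retry delayed by 100ms.
    retry:
      retry:
        attempts: 3
        initialInterval: 100ms

    # ==========================================================================
    # CIRCUIT BREAKER
    # ==========================================================================
    # Opens when more than half of the requests fail with a network error.
    circuit-breaker:
      circuitBreaker:
        expression: "NetworkErrorRatio() > 0.5"

    # ==========================================================================
    # STRIP PREFIX (for APIs)
    # ==========================================================================
    strip-api-prefix:
      stripPrefix:
        prefixes:
          - "/api"

    # ==========================================================================
    # ADD PREFIX
    # ==========================================================================
    add-api-prefix:
      addPrefix:
        prefix: "/api"

    # ==========================================================================
    # BASIC AUTH (for dashboards)
    # ==========================================================================
    # Generate an entry with: htpasswd -nB admin
    #   -B selects bcrypt and the password is read from a prompt. Avoid the -b
    #   form, which takes the password as an argument and leaves it in shell
    #   history and the process list.
    # Keep real hashes out of version control (basicAuth also accepts a
    # usersFile), and only enable this on routers served over TLS.
    # basic-auth:
    #   basicAuth:
    #     users:
    #       - "admin:<hash generated by htpasswd>"

    # ==========================================================================
    # CHAINS (common combinations)
    # ==========================================================================
    # Middlewares run in the order listed; rate limiting comes first so that
    # rejected requests do no further work.
    # api-chain uses the wildcard CORS policy and the baseline headers
    # (no HSTS); use secure-chain for anything that carries credentials.
    api-chain:
      chain:
        middlewares:
          - rate-limit
          - cors-all
          - security-headers
          - compress

    web-chain:
      chain:
        middlewares:
          - security-headers
          - compress

    secure-chain:
      chain:
        middlewares:
          - rate-limit-strict
          - cors-restricted
          - security-headers-strict
          - compress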