HSTS with Traefik 1 and Docker

I’ve recently started to move the stuff I host to Docker, using the Traefik reverse proxy for SSL termination.

Traefik is a really nice piece of software, but unfortunately, while the documentation is great, it is somewhat lacking in tutorials and examples.

Among other things, I host a Nextcloud instance, and one of its security suggestions tells me to add a Strict-Transport-Security header with a value of at least 15552000.

In my case, it was not strictly necessary as edzilla.info is already using HSTS preloading, but I wanted to follow the security suggestions to the letter.

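To add the header to any reverse-proxied service, you simply add a label such as this to its container. The header value has to carry the max-age directive; a bare number is not a valid HSTS policy and browsers ignore it:

traefik.frontend.headers.customResponseHeaders=Strict-Transport-Security:max-age=15552000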
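
One way to check the header value a client actually receives against RFC 6797 syntax and the 15552000-second minimum from the Nextcloud suggestion. This is an added example, not code from the original post; the function names and sample values are constructed for illustration.

```python
import re

# Minimum from the Nextcloud suggestion quoted in the post (seconds).
NEXTCLOUD_MIN_MAX_AGE = 15552000
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Split a Strict-Transport-Security value into directives (RFC 6797, 6.1).

    Simplification: a quoted value containing ';' is not supported.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (stray semicolons) are permitted
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if not TOKEN.fullmatch(name):
            raise ValueError(f"invalid directive name {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form of a value
        directives[name] = arg if sep else None
    return directives

def check_hsts(value, minimum=NEXTCLOUD_MIN_MAX_AGE):
    """Return (ok, reason) for a header value as the client receives it."""
    try:
        directives = parse_hsts(value)
    except ValueError as exc:
        return False, str(exc)
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return False, "no usable max-age directive"
    if int(max_age) < minimum:
        return False, f"max-age {max_age} is below {minimum}"
    return True, "ok"

# Constructed sample values, not captured from a real server.
SAMPLES = [
    "15552000",
    "max-age=15552000",
    'Max-Age="31536000"; includeSubDomains; preload',
    "max-age=3600",
    "max-age=0; max-age=15552000",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {check_hsts(sample)}")
```

Feed it the value of the Strict-Transport-Security line from an HTTPS response of the proxied host.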

6 replies on “HSTS with Traefik 1 and Docker”

To be honest I have absolutely no experience with Kubernetes, but from what I understand from Traefik, it should work fine.

Yes, absolutely! In Kubernetes, you’d configure it as an Ingress Controller, which, tbh, is by far the best way to use it. Docker support kind of feels like an afterthought in the context of that. I wish they’d add support for config via environment variables to make it a little more “docker-native”.

Is there a trick to getting this working? I’ve added the label but it’s still not adding the header…

This is the configuration for Traefik 1.x. I have yet to upgrade to 2.x, so I’m not sure what the correct configuration for that is.
