Categories
Docker

HSTS with Traefik and Docker

I’ve recently started to move the stuff I host to Docker, using the Traefik reverse proxy as the SSL termination.

Traefik is a really nice piece of software, but unfortunately while the documentation is great, it’s somewhat missing in tutorials and examples.

Among other things, I host a Nextcloud instance, and among the security suggestions, it tells me to add a Strict-Transport-Security header with a value of at least 15552000.

In my case, it was not strictly necessary as edzilla.info is already using HSTS preloading, but I wanted to follow the security suggestions to the letter.

To add the header to any host reverse proxied service, you simply have to add a label such as this:

traefik.frontend.headers.customResponseHeaders=Strict-Transport-Security:15552000

4 replies on “HSTS with Traefik and Docker”

To be honest I have absolutely no experience with kubernetes, but from what I understand from traefik, it should work fine.

This is the configuration for traefik 1.x, I have yet to upgrade to 2.x, so I’m not sure what the correct configuration for that is

Leave a Reply to Rob Cancel reply

Your email address will not be published. Required fields are marked *