http:
  middlewares:
    redirect:
      redirectScheme:
        permanent: true
        scheme: https

    httpsredirect:
      redirectScheme:
        permanent: true
        scheme: https

    default-headers:
      headers:
        frameDeny: true
        #  sslRedirect: true
       accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        # customFrameOptionsValue: "allow-from https:{{env "DOMAINNAME_CLOUD_SERVER"}}" #CSP takes care of this but may be needed for organizr.
        customFrameOptionsValue: SAMEORIGIN
        contentTypeNosniff: true
        browserXssFilter: true
        # sslForceHost: true # add sslHost to all of the services
        # sslHost: "{{env "DOMAINNAME_CLOUD_SERVER"}}"
        referrerPolicy: "same-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
          server: ""
          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
          # X-Forwarded-Proto: "https"
    auth:
      basicAuth:
        users:
          - "admin:$apr1$iQ9pYbK/$gOLcycC6KlzqpcfJidjQC0"
          - "simon:$apr1$y0b/lK3y$ixUTipKjte/2L9I5NWk7O0"
    localNetwork:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "10.0.0.1/8"

    middlewares-compress:
      compress: {}

    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
    middlewares-buffering:
      buffering:
        maxResponseBodyBytes: 2000000
        maxRequestBodyBytes: 10485760
        memRequestBodyBytes: 2097152
        memResponseBodyBytes: 2097152
        retryExpression: "IsNetworkError() && Attempts() <= 2"