---
# Traefik dynamic configuration: shared HTTP middlewares plus TLS settings.
# Middlewares defined here take effect only on routers that reference them.
http:
  middlewares:
    # Forward-auth: each request is sent to the authentik outpost first and
    # is only passed to the backend if the outpost allows it.
    authentik-forwardauth:
      forwardAuth:
        # Plain HTTP to the outpost.
        # NOTE(review): presumably an internal container network - confirm
        # this hop never crosses an untrusted segment.
        address: "http://apa-authentik-outpost:9000/outpost.goauthentik.io/auth/traefik"
        # Existing X-Forwarded-* request headers are trusted as received.
        # NOTE(review): appropriate only if every request reaches Traefik via
        # a proxy that overwrites those headers; otherwise the outpost
        # evaluates client-supplied host/proto values. Confirm the topology.
        trustForwardHeader: true
        # Headers copied from the outpost response onto the forwarded request.
        # Backends that rely on these identity headers must be reachable only
        # through a router using this middleware, never directly.
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          # Token material: keep out of backend access logs.
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version

    # Large upload middleware for Gitea registry.
    # The mem* values are per-request thresholds; bodies above them are
    # buffered on disk. Attach only to the registry router, since concurrent
    # large transfers consume memory and disk on the proxy host.
    gitea-large-upload:
      buffering:
        maxRequestBodyBytes: 5368709120  # 5GB
        memRequestBodyBytes: 104857600  # 100MB
        maxResponseBodyBytes: 5368709120  # 5GB
        memResponseBodyBytes: 104857600  # 100MB
        # Retry on network errors only, while Attempts() is below 3.
        retryExpression: "IsNetworkError() && Attempts() < 3"

    # Rate limiting for public APIs.
    # No sourceCriterion is set, so Traefik's default request grouping
    # applies.
    # NOTE(review): if Traefik sits behind another proxy or load balancer,
    # check that the limit is keyed on the real client address rather than
    # the proxy's.
    rate-limit:
      rateLimit:
        average: 100
        burst: 50
        period: 1s

    # Security headers added to responses.
    security-headers:
      headers:
        frameDeny: true
        # NOTE(review): sslRedirect is deprecated in later Traefik v2
        # releases and absent from v3; check the deployed version and whether
        # the HTTP->HTTPS redirect is also enforced at the entrypoint.
        sslRedirect: true
        # Sets X-XSS-Protection, which current browsers largely ignore.
        # No contentSecurityPolicy is configured in this middleware.
        browserXssFilter: true
        contentTypeNosniff: true
        # HSTS for one year, covering subdomains and flagged for preload.
        # Every subdomain must serve valid HTTPS before this is rolled out,
        # and preload listing is slow to undo.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

    # CORS headers.
    # A single explicit origin is allowed; keep this list explicit rather
    # than widening it to a wildcard.
    api-cors:
      headers:
        accessControlAllowMethods:
          - GET
          - POST
          - PUT
          - DELETE
          - OPTIONS
        accessControlAllowOriginList:
          - "https://app.harkon.co.uk"
        accessControlAllowHeaders:
          - "Content-Type"
          - "Authorization"
        # Preflight cache lifetime, in seconds.
        accessControlMaxAge: 100
        # Emits "Vary: Origin" so shared caches do not reuse a response
        # across origins.
        addVaryHeader: true

    # Strip API prefixes.
    # Backends receive the path without the service prefix, so any
    # path-based access rule must be written against the stripped path.
    strip-api-prefixes:
      stripPrefix:
        prefixes:
          - "/rag-indexer"
          - "/firm-connectors"
          - "/normalize-map"
          - "/ingestion"
          - "/extract"
          - "/forms"
          - "/hmrc"
          - "/ocr"
          - "/reason"
          - "/rpa"
          - "/coverage"
          - "/kg"
          - "/rag"

tls:
  certificates:
    # NOTE(review): the file names suggest a local/development certificate -
    # confirm this pair is not served in production. The key file should be
    # readable by the Traefik process only.
    - certFile: /var/traefik/certs/local.crt
      keyFile: /var/traefik/certs/local.key
  options:
    default:
      # TLS 1.0 and 1.1 are refused. No cipherSuites list is given, so the
      # defaults of the deployed Traefik build apply.
      minVersion: VersionTLS12
      # With sniStrict off, a client whose SNI matches no configured
      # certificate is still served the default certificate.
      # NOTE(review): consider true once every hostname has a matching cert.
      sniStrict: false