fdba81809f
Some checks failed
CI/CD Pipeline / Generate SBOM (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Code Quality & Linting (push) Has been cancelled
CI/CD Pipeline / Policy Validation (push) Has been cancelled
CI/CD Pipeline / Test Suite (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-firm-connectors) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-forms) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-hmrc) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ingestion) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-normalize-map) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ocr) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-indexer) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-reason) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rpa) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (ui-review) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (ui-review) (push) Has been cancelled
CI/CD Pipeline / Notifications (push) Has been cancelled
65 lines
1.7 KiB
YAML
65 lines
1.7 KiB
YAML
http:
|
|
middlewares:
|
|
authentik-forwardauth:
|
|
forwardAuth:
|
|
address: "http://apa-authentik-outpost:9000/outpost.goauthentik.io/auth/traefik"
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|
|
|
|
# Large upload middleware for Gitea registry
|
|
gitea-large-upload:
|
|
buffering:
|
|
maxRequestBodyBytes: 5368709120 # 5GB
|
|
memRequestBodyBytes: 104857600 # 100MB
|
|
maxResponseBodyBytes: 5368709120 # 5GB
|
|
memResponseBodyBytes: 104857600 # 100MB
|
|
retryExpression: "IsNetworkError() && Attempts() < 3"
|
|
|
|
# Rate limiting for public APIs
|
|
api-ratelimit:
|
|
rateLimit:
|
|
average: 100
|
|
burst: 50
|
|
period: 1s
|
|
|
|
# Security headers
|
|
security-headers:
|
|
headers:
|
|
frameDeny: true
|
|
sslRedirect: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 31536000
|
|
|
|
# CORS headers
|
|
api-cors:
|
|
headers:
|
|
accessControlAllowMethods:
|
|
- GET
|
|
- POST
|
|
- PUT
|
|
- DELETE
|
|
- OPTIONS
|
|
accessControlAllowOriginList:
|
|
- "https://app.harkon.co.uk"
|
|
accessControlAllowHeaders:
|
|
- "Content-Type"
|
|
- "Authorization"
|
|
accessControlMaxAge: 100
|
|
addVaryHeader: true
|
|
|
|
# Security headers
|