providers:
  docker: 
    endpoint: "unix:///var/run/docker.sock"
    network: "web"
    exposedByDefault: false

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: defaultResolver

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        # TLS 1.2
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_RSA_WITH_AES_128_GCM_SHA256
        - TLS_RSA_WITH_AES_256_GCM_SHA384
        # TLS 1.3
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      sniStrict: true
    highSecure:
      minVersion: VersionTLS13
      sniStrict: true

certificatesResolvers:
  defaultResolver:
    # Enable ACME (Let's Encrypt): automatic SSL.
    acme:

      # Email address used for registration.
      #
      # Required
      #
      email: "<Website owner email>"

      # File or key used for certificates storage.
      #
      # Required
      #
      storage: "/etc/traefik/acme/acme.json"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}