{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Juvenile、少年° 的问题《Global configuration of security in Traefik for Do》','https://www.manongdao.com/q-371262.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Since version 1.5 Traefik give option to configure security for each service.
These options are for available here https://docs.traefik.io/configuration/backends/docker/#security-headers and must be set in the label section of each service defined in the docker-compose file.
I wonder how can I add these options in a global manner?
So just for posterity, here is how to do it using a template file:
docker.tmplfrom source and make sure it's for your exact version. The easiest way - just click on the build number in the top right of the UI and browse to/templatefolder. Use the filename without version.Speaking of versions - add the following to your
traefik.toml:and you should add
-v /path/docker.tmpl:/docker.tmpl:roto your container too!Now you should be able to restart Traefik and everything should work as normal. To add your specific headers for all auto-generated frontends, edit
docker.tmpland just before the next to last{{end}}that is for the{{if $headers }}add this (spacing is kept):This will add the listed headers for every automatically generated fronted based on found containers just as with default installation. If a container has any custom labels though it will execute the previous logic and will skip those.
I made it like this in order to allow for predictability in how containers work and to make it as easy as possible for updating to new version. Just pasting to specific section would allow you to upgrade without handling merge conflicts and new logic.
You can go ahead and create more robust version that will handle overwriting the global config, but it would require more work during upgrades.
As dtomcej answer me on github, there is no option to set security header in a globaly maner.
We have to override the default docker's template like explained in the doc.
I find this solution a bit risky. So for now I duplicate my configuration header security in each container configuration that need it.
At the end I have something like this :