feat(security): añadir whitelist independiente y estructurar middlewares

- Incluye access-control.yml, auth.yml y security-headers.yml
- Añadida whitelist.yml (configuración independiente)
2026-01-05 22:33:13 +01:00
parent 7babf81811
commit 4ce8786056
4 changed files with 48 additions and 0 deletions


@@ -0,0 +1,12 @@
# ==============================================================================
# CONTROL DE ACCESO PERIMETRAL (WHITELIST)
# ==============================================================================
http:
middlewares:
whitelist-interna:
ipAllowList:
sourceRange:
- "127.0.0.1/32"
- "192.168.178.0/24"
- "100.64.0.0/10"
- "172.20.0.0/16"
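Review bot: This allow list is defined twice in the commit with different contents: here as `whitelist-interna` with `172.20.0.0/16`, and again in whitelist.yml as `muro-seguro` with the much wider `172.16.0.0/12`. Routers that attach one name or the other end up behind different perimeters, and a later edit to one copy will likely miss the other; keep a single definition and reference it everywhere. The ranges here also carry no explanation, so I would add per-entry comments such as `# Docker network of the proxy only` and `# CGNAT block used by the VPN overlay`. Note that `100.64.0.0/10` is the whole shared CGNAT block, so it is worth confirming that only the overlay interface can deliver traffic from it. The file path of this section is not shown on the page.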

9
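--- a/traefik/dynamic/auth.yml
+++ b/traefik/dynamic/auth.yml
@@ -0,0 +1,9 @@
+# ==============================================================================
+# AUTENTICACIÓN PARA DASHBOARD Y SERVICIOS CRÍTICOS
+# ==============================================================================
+http:
+middlewares:
+auth-dashboard:
+basicAuth:
+users:
+- "Ognir:$apr1$0.TPOwbF$mHoZOQE2xcdWDBN4VhcBe/"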
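Review bot: The `users` entry commits a credential hash to the repository, and the `$apr1$` scheme is MD5-based crypt, which is cheap to brute-force offline for anyone who can read the history. Keep the credential out of the tracked file by replacing the list with `usersFile: "<path-to-htpasswd-outside-repo>"` (placeholder path) and generate the entry with bcrypt (`htpasswd -B`). Since the hash is now in the commit history, treat the current password as exposed and rotate it. The file is also listed as executable, which a configuration file does not need.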


@@ -0,0 +1,15 @@
# ################################################################# #
# MIDDLEWARE: SECURITY-HEADERS #
# ################################################################# #
http:
middlewares:
security-headers:
headers:
forceSTSHeader: true
stsSeconds: 31536000
stsIncludeSubdomains: true
stsPreload: true
contentTypeNosniff: true
browserXssFilter: true
frameDeny: true
referrerPolicy: "same-origin"
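Review bot: `browserXssFilter: true` only emits the legacy `X-XSS-Protection` header, which current browsers no longer act on, and the middleware sets no `contentSecurityPolicy`, so these headers give no real script-injection mitigation. Add a policy fitted to the services behind it, starting from something like `contentSecurityPolicy: "default-src 'self'"`, and consider dropping `browserXssFilter`. Separately, `stsPreload: true` together with `stsIncludeSubdomains: true` and a one-year `stsSeconds` commits every subdomain to valid TLS and is slow to undo; a comment such as `# HSTS preload: all subdomains must serve HTTPS before enabling` would record that precondition. The file path of this section is not shown on the page.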

12
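--- a/whitelist.yml
+++ b/whitelist.yml
@@ -0,0 +1,12 @@
+# ################################################################# #
+# MIDDLEWARE DE WHITELIST - ACCESO RESTRINGIDO OGNIRNAS #
+# ################################################################# #
+http:
+middlewares:
+muro-seguro:
+ipAllowList:
+sourceRange:
+- "127.0.0.1/32" # Localhost (interno)
+- "192.168.178.0/24" # Tu red local de casa
+- "100.64.0.0/10" # Todo el rango de Tailscale
+- "172.16.0.0/12" # Redes internas de Docker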
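Review bot: The `172.16.0.0/12` entry trusts every address Docker can assign, so any container on the host passes `muro-seguro`. If Traefik receives its published ports through Docker's NAT or userland proxy, external clients may also arrive with a bridge gateway address inside this range; that depends on how the container is published, which the page does not show. Narrow the entry to the proxy's own network, as the other list in this commit does with `172.20.0.0/16`, or remove it if no container needs these routes. The comment on `100.64.0.0/10` would be more accurate as `# Rango CGNAT completo (usado por Tailscale)`, since the block is not exclusive to Tailscale.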