[log]
level = "DEBUG"
# [ping]

[providers.docker]
exposedbydefault = false
[entrypoints.http]
address = ":80"
[entrypoints.https]
address = ":443"
[entrypoints.https.http3]

[entryPoints.http.proxyProtocol]
insecure = false
trustedIPs = [ ]

[entryPoints.http.forwardedHeaders]
insecure = false
trustedIPs = [ ]

[entryPoints.https.proxyProtocol]
insecure = false
trustedIPs = [ ]

[entryPoints.https.forwardedHeaders]
insecure = false
trustedIPs = [ ]

[entrypoints.http.http.redirections.entryPoint]
to="https" 
scheme = "https"

[http.middlewares]
[http.middlewares.traefik-compress.compress]

[http.routers.http]
middlewares = "traefik-compress"
[http.routers.https]
middlewares = "traefik-compress"
[http.routers.traefik]
middlewares = "traefik-compress"
# [entryPoints.traefik]
# address = ":9000"


[certificatesresolvers.letsencrypt.acme]
email = 'jade@ellis.link'
storage = "/certificates/acme.json"

# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
# - "--certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
tlschallenge = true

[tls.options]
[tls.options.modern]
minVersion = "VersionTLS13"
sniStrict = true
[tls.options.default]
minVersion = "VersionTLS12"
cipherSuites = [
  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
  "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
]

sniStrict = true