83 lines
1.9 KiB
YAML
83 lines
1.9 KiB
YAML
---
|
|
# Middleware para redirección HTTP → HTTPS
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: redirect-https
|
|
namespace: student-enrollment
|
|
spec:
|
|
redirectScheme:
|
|
permanent: true
|
|
scheme: https
|
|
---
|
|
# Middleware para security headers
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: security-headers
|
|
namespace: student-enrollment
|
|
spec:
|
|
headers:
|
|
frameDeny: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
customResponseHeaders:
|
|
X-Robots-Tag: "noindex, nofollow"
|
|
---
|
|
# IngressRoute HTTP - Redirección a HTTPS
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: academia-http-redirect
|
|
namespace: student-enrollment
|
|
spec:
|
|
entryPoints:
|
|
- web
|
|
routes:
|
|
- kind: Rule
|
|
match: Host(`academia.ingeniumcodex.com`)
|
|
middlewares:
|
|
- name: redirect-https
|
|
namespace: student-enrollment
|
|
services:
|
|
- name: student-frontend
|
|
port: 80
|
|
---
|
|
# IngressRoute HTTPS - Principal con TLS
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: academia-https
|
|
namespace: student-enrollment
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
# API GraphQL
|
|
- kind: Rule
|
|
match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/graphql`)
|
|
middlewares:
|
|
- name: security-headers
|
|
namespace: student-enrollment
|
|
services:
|
|
- name: student-api
|
|
port: 5000
|
|
# Health check
|
|
- kind: Rule
|
|
match: Host(`academia.ingeniumcodex.com`) && PathPrefix(`/health`)
|
|
services:
|
|
- name: student-api
|
|
port: 5000
|
|
# Frontend (catch-all)
|
|
- kind: Rule
|
|
match: Host(`academia.ingeniumcodex.com`)
|
|
middlewares:
|
|
- name: security-headers
|
|
namespace: student-enrollment
|
|
services:
|
|
- name: student-frontend
|
|
port: 80
|
|
tls:
|
|
certResolver: letsencrypt
|