[tls.options]
  [tls.options.tls12]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_AES_256_GCM_SHA384",
      "TLS_CHACHA20_POLY1305_SHA256"
    ]
    curvePreferences = ["CurveP521","CurveP384"]

[http]
  [http.middlewares.hardening.headers]
    addVaryHeader = true
    browserXssFilter = true
    contentTypeNosniff = true
    forceSTSHeader = true
    frameDeny = true
    stsIncludeSubdomains = true
    stsPreload = true
    customFrameOptionsValue = "SAMEORIGIN"
    referrerPolicy = "same-origin"
    featurePolicy = "vibrate 'self'"
    stsSeconds = 315360000

  [http.middlewares.compression.compress]
    excludedContentTypes = ["text/event-stream"]
    
  [http.middlewares.errorspages.errors]
    status = ["400-408", "500-505", 418]
    service = "nginx-errors"
    query = "{status}.html"