From 1c614cfa7cec75ff4ce24231ff5189f538d1b291 Mon Sep 17 00:00:00 2001
From: Elias Fink <mail@eliasfink.de>
Date: Fri, 18 Jul 2025 12:45:45 +0200
Subject: [PATCH] Refactor traefik dynamic config for middlewares

---
 traefik/config/middlewares/default.yml                 |  9 +++++++++
 .../{security.yml => middlewares/security-headers.yml} |  8 ++------
 traefik/traefik.yml                                    | 10 ++++++++--
 3 files changed, 19 insertions(+), 8 deletions(-)
 create mode 100644 traefik/config/middlewares/default.yml
 rename traefik/config/{security.yml => middlewares/security-headers.yml} (60%)

diff --git a/traefik/config/middlewares/default.yml b/traefik/config/middlewares/default.yml
new file mode 100644
index 0000000..9ac2708
--- /dev/null
+++ b/traefik/config/middlewares/default.yml
@@ -0,0 +1,9 @@
+# /services/traefik/config/middlewares/default-chain.yml
+
+http:
+  middlewares:
+    default-chain:
+      chain:
+        middlewares:
+          - favicon-injection
+          - security-headers
\ No newline at end of file
diff --git a/traefik/config/security.yml b/traefik/config/middlewares/security-headers.yml
similarity index 60%
rename from traefik/config/security.yml
rename to traefik/config/middlewares/security-headers.yml
index aa88182..1850726 100644
--- a/traefik/config/security.yml
+++ b/traefik/config/middlewares/security-headers.yml
@@ -1,12 +1,8 @@
-# /services/traefik/config/security.yml
+# /services/traefik/config/middlewares/security-headers.yml
 
 http:
   middlewares:
-    default-security:
-      chain:
-        middlewares:
-          - secure-headers
-    secure-headers:
+    security-headers:
       headers:
         hostsProxyHeaders:
           - X-Forwarded-Host
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
index aa2e46e..6a774c6 100644
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -18,7 +18,7 @@ entryPoints:
     address: :443
     http:
       middlewares:
-        - default-security
+        - default-chain
       tls:
         certResolver: letsencrypt
 
@@ -33,4 +33,10 @@ certificatesResolvers:
     # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # use staging server instead of production
       email: mail@eliasfink.de
       storage: /etc/traefik/certs/acme.json
-      tlsChallenge: {}
\ No newline at end of file
+      tlsChallenge: {}
+
+experimental:
+  plugins:
+    rewritebody:
+      moduleName: "github.com/traefik/plugin-rewritebody"
+      version: "v0.3.1"
\ No newline at end of file