From 602c954491fae3a48da95a5ee6a30e4133377dc3 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Mon, 29 Jan 2024 10:43:46 +0100
Subject: [PATCH] Re-rendered example

---
 example/vaultwarden.nomad.hcl | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/example/vaultwarden.nomad.hcl b/example/vaultwarden.nomad.hcl
index fa4b8fa..8764744 100644
--- a/example/vaultwarden.nomad.hcl
+++ b/example/vaultwarden.nomad.hcl
@@ -75,18 +75,19 @@ job "vaultwarden" {
       tags = [
 
         "traefik.enable=true",
-        "traefik.http.routers.vaultwarden-admin.rule=Host(`vaultwarden.example.org`) && PathPrefix(`//admin`)",
         "traefik.http.routers.vaultwarden-admin.entrypoints=https",
         "traefik.http.routers.vaultwarden-admin.priority=200",
-        "traefik.http.routers.vaultwarden-admin.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
+        "traefik.http.routers.vaultwarden-admin.rule=Host(`vaultwarden.example.org`) && PathPrefix(`/admin`)",
+        "traefik.http.middlewares.csp-vaultwarden-admin.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
+        "traefik.http.routers.vaultwarden-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-vaultwarden-admin",
 
 
         "traefik.enable=true",
-        "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.example.org`)",
         "traefik.http.routers.vaultwarden.entrypoints=https",
         "traefik.http.routers.vaultwarden.priority=100",
-        "traefik.http.middlewares.vaultwarden-csp.headers.contentsecuritypolicy=connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory;default-src 'self';font-src 'self' data:;img-src 'self' data: https://www.gravatar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
-        "traefik.http.routers.vaultwarden.middlewares=vaultwarden-csp,rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
+        "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.example.org`)",
+        "traefik.http.middlewares.csp-vaultwarden.headers.contentsecuritypolicy=connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory;default-src 'self';font-src 'self' data:;img-src 'self' data: https://www.gravatar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
+        "traefik.http.routers.vaultwarden.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-vaultwarden",
 
       ]
     }