traefik/config.yml

http:
  routers:
    # Router for Gogs (if it's running outside Docker or on different network)
    gogs:
      rule: "Host(`git.pkartchner.com`)"
      entryPoints:
        - https
      service: gogs
      tls:
        certResolver: letsencrypt

  services:
    # Service for Gogs
    gogs:
      loadBalancer:
        servers:
          - url: "http://gogs.pkartchner.com:3000"

  middlewares:
    # Security headers
    secure-headers:
      headers:
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"