http:
  middlewares:
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /tls/selfsigned.crt
        keyFile: /tls/selfsigned.key 
  certificates:
    - certFile: /tls/selfsigned.crt
      keyFile: /tls/selfsigned.key
      
  options:
    default:
      clientAuth:
        # in PEM format. each file can contain multiple CAs.
        caFiles:
          - /tls/selfsigned.crt
        clientAuthType: VerifyClientCertIfGiven