traefik/tls.yml

http:
  middlewares:
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /tls/CF-altogether.at.crt
        keyFile: /tls/CF-altogether.at.key 
  certificates:
    - certFile: /tls/CF-altogether.at.crt
      keyFile: /tls/CF-altogether.at.key
      
    - certFile: /tls/wordpress.localhost.crt
      keyFile: /tls/wordpress.localhost.key
  options:
    default:
      clientAuth:
        # in PEM format. each file can contain multiple CAs.
        caFiles:
          - /tls/server.crt
        clientAuthType: VerifyClientCertIfGiven