Let Traefik only support TLS12 and TLS13

paul 2020-11-06 02:16:02 +01:00 committed by Hive
parent a521b213a9
commit 1c69a41d61
3 changed files with 22 additions and 1 deletions

14
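--- a/config/dynamic_conf.toml
+++ b/config/dynamic_conf.toml
@@ -0,0 +1,14 @@
+[tls.options]
+[tls.options.default]
+minVersion = "VersionTLS12"
+cipherSuites = [
+"TLS_CHACHA20_POLY1305_SHA256",
+"TLS_AES_128_GCM_SHA256",
+"TLS_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+]
+[tls.options.mintls13]
+minVersion = "VersionTLS13"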
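Review bot: The first three entries of `cipherSuites` in `[tls.options.default]` are TLS 1.3 suite names, and as far as I know Go's TLS stack, which Traefik uses, does not let TLS 1.3 suites be selected through configuration, so those lines most likely have no effect. The effective TLS 1.2 restriction is then the three `TLS_ECDHE_RSA_*` entries, which means a certificate with an ECDSA key could not complete a TLS 1.2 handshake. If that is intended, a comment such as `# only the ECDHE_RSA entries apply (TLS 1.2); RSA certificates required` would record it; otherwise add the matching `TLS_ECDHE_ECDSA_WITH_*` suites. `[tls.options.mintls13]` is defined, but nothing visible in this commit references it from a router, so it stays inactive until one does.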


@ -21,6 +21,7 @@
[api] [api]
dashboard = true dashboard = true
insecure = true
[metrics] [metrics]
[metrics.prometheus] [metrics.prometheus]
@ -34,6 +35,11 @@
exposedByDefault = false exposedByDefault = false
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)" defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
# we are loading an additional file, as some options can only be defined
# in a 'dynamic' file config, not in this main config file.
[providers.file]
filename = "/etc/traefik/dynamic_conf.toml"
[certificatesResolvers.default.acme] [certificatesResolvers.default.acme]
email = "hostmaster@zom.bi" email = "hostmaster@zom.bi"
storage = "/cert/acme.json" storage = "/cert/acme.json"
@ -49,3 +55,4 @@
[[tls.certificates]] [[tls.certificates]]
certFile = "cert/grun.host.origin.pem" certFile = "cert/grun.host.origin.pem"
keyFile = "cert/grun.host.origin.key" keyFile = "cert/grun.host.origin.key"
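Review bot: `insecure = true` under `[api]` in the first hunk is unrelated to the TLS change and turns on Traefik's insecure API mode, which serves the dashboard and API without authentication on the `traefik` entrypoint (port 8080 by default). Whether that port is reachable from outside depends on entrypoint and port settings not visible here, but anything that can reach the container can read the full routing configuration. I would drop the line and publish the dashboard through a router bound to `api@internal` with an authentication middleware over TLS instead. If the setting must stay for local debugging, say so in a comment next to it and keep the port unpublished.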


@ -2,7 +2,7 @@ version: '2'
services: services:
proxy: proxy:
image: traefik:v2.2 image: traefik:v2.3
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"