Let Traefik only support TLS12 and TLS13
This commit is contained in:
parent
a521b213a9
commit
1c69a41d61
3 changed files with 22 additions and 1 deletions
14
config/dynamic_conf.toml
Normal file
14
config/dynamic_conf.toml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
[tls.options]
|
||||||
|
[tls.options.default]
|
||||||
|
minVersion = "VersionTLS12"
|
||||||
|
cipherSuites = [
|
||||||
|
"TLS_CHACHA20_POLY1305_SHA256",
|
||||||
|
"TLS_AES_128_GCM_SHA256",
|
||||||
|
"TLS_AES_256_GCM_SHA384",
|
||||||
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||||
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
|
||||||
|
]
|
||||||
|
[tls.options.mintls13]
|
||||||
|
minVersion = "VersionTLS13"
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
dashboard = true
|
dashboard = true
|
||||||
|
insecure = true
|
||||||
|
|
||||||
[metrics]
|
[metrics]
|
||||||
[metrics.prometheus]
|
[metrics.prometheus]
|
||||||
|
@ -34,6 +35,11 @@
|
||||||
exposedByDefault = false
|
exposedByDefault = false
|
||||||
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
|
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
|
||||||
|
|
||||||
|
# we are loading an additional file, as some options can only be defined
|
||||||
|
# in a 'dynamic' file config, not in this main config file.
|
||||||
|
[providers.file]
|
||||||
|
filename = "/etc/traefik/dynamic_conf.toml"
|
||||||
|
|
||||||
[certificatesResolvers.default.acme]
|
[certificatesResolvers.default.acme]
|
||||||
email = "hostmaster@zom.bi"
|
email = "hostmaster@zom.bi"
|
||||||
storage = "/cert/acme.json"
|
storage = "/cert/acme.json"
|
||||||
|
@ -49,3 +55,4 @@
|
||||||
[[tls.certificates]]
|
[[tls.certificates]]
|
||||||
certFile = "cert/grun.host.origin.pem"
|
certFile = "cert/grun.host.origin.pem"
|
||||||
keyFile = "cert/grun.host.origin.key"
|
keyFile = "cert/grun.host.origin.key"
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: '2'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
proxy:
|
proxy:
|
||||||
image: traefik:v2.2
|
image: traefik:v2.3
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
|
|
Loading…
Reference in a new issue