Let Traefik only support TLS12 and TLS13

config/dynamic_conf.toml

@@ -0,0 +1,14 @@
+[tls.options]
+  [tls.options.default]
+    minVersion = "VersionTLS12"
+    cipherSuites = [
+      "TLS_CHACHA20_POLY1305_SHA256",
+      "TLS_AES_128_GCM_SHA256",
+      "TLS_AES_256_GCM_SHA384",
+      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+    ]
+  [tls.options.mintls13]
+    minVersion = "VersionTLS13"
+

config/traefik.toml

@@ -21,6 +21,7 @@
 
 [api]
   dashboard = true
+  insecure = true
 
 [metrics]
   [metrics.prometheus]
@@ -34,6 +35,11 @@
   exposedByDefault = false
   defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
 
+# we are loading an additional file, as some options can only be defined
+# in a 'dynamic' file config, not in this main config file.
+[providers.file]
+  filename = "/etc/traefik/dynamic_conf.toml"
+
 [certificatesResolvers.default.acme]
   email = "hostmaster@zom.bi"
   storage = "/cert/acme.json"
@@ -49,3 +55,4 @@
 [[tls.certificates]]
   certFile = "cert/grun.host.origin.pem"
   keyFile = "cert/grun.host.origin.key"
+

docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 
 services:
   proxy:
-    image: traefik:v2.2
+    image: traefik:v2.3
     ports:
       - "80:80"
       - "443:443"