config/dynamic/tls.yml

@@ -1,11 +0,0 @@
-tls:
-  options:
-    default:
-      minVersion: VersionTLS12
-      cipherSuites:
-        - TLS_CHACHA20_POLY1305_SHA256
-        - TLS_AES_128_GCM_SHA256
-        - TLS_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

config/traefik.toml

@@ -34,10 +34,6 @@
   exposedByDefault = false
   defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
 
-[providers.file]
-  directory = "/etc/traefik/dynamic"
-  watch = true
-
 [certificatesResolvers.default.acme]
   email = "hostmaster@zom.bi"
   storage = "/cert/acme.json"
@@ -52,4 +48,18 @@
   keyFile = "cert/bitmask.me.origin.key"
 [[tls.certificates]]
   certFile = "cert/grun.host.origin.pem"
-  keyFile = "cert/grun.host.origin.key"
+  keyFile = "cert/grun.host.origin.key"
+
+[tls.options]
+  [tls.options.default]
+    minVersion = "VersionTLS12"
+    cipherSuites = [
+      "TLS_CHACHA20_POLY1305_SHA256",
+      "TLS_AES_128_GCM_SHA256",
+      "TLS_AES_256_GCM_SHA384",
+      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+    ]
+  [tls.options.mintls13]
+    minVersion = "VersionTLS13"

docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 
 services:
   proxy:
-    image: traefik:v2.3
+    image: traefik:v2.1
     ports:
       - "80:80"
       - "443:443"
@@ -10,7 +10,6 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "./cert/:/cert/"
       - "./config/:/etc/traefik/:ro"
-      - "./config/dynamic/:/etc/traefik/dynamic/:ro"
     labels:
       - "traefik.enable=true" # set to true to expose the Monitoring & API
       # middleware redirect