Unverified Commit 182aac3d authored Mar 16, 2022 by Tom Moulard

traefik: strenghen tls, see https://www.ssllabs.com/ssltest

parent 50d5403e

test_config.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -1019,7 +1019,7 @@ services:
		- --log.level=ERROR
		- --metrics.prometheus
		- --api.dashboard
		- --entrypoints.websecure.http.middlewares=compress@file
		- --entrypoints.websecure.http.middlewares=compress@file,headers@file
		- --experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban
		- --experimental.plugins.fail2ban.version=v0.6.0
		- --global.checknewversion=false

traefik/docker-compose.traefik.yml

+1 −1

Original line number	Diff line number	Diff line
		@@ -26,7 +26,7 @@ services:
		- '--metrics.prometheus'
		# Misc
		- '--api.dashboard'
		- '--entrypoints.websecure.http.middlewares=compress@file${TRAEFIK_PLUGINS:-}'
		- '--entrypoints.websecure.http.middlewares=compress@file,headers@file${TRAEFIK_PLUGINS:-}'
		- '--experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban'
		- '--experimental.plugins.fail2ban.version=v0.6.0'
		- '--global.checknewversion=${TRAEFIK_CHECK_NEW_VERSION:-false}'

traefik/dynamic_conf/middlewares.yml

+4 −0

Original line number	Diff line number	Diff line
		@@ -2,3 +2,7 @@ http:
		middlewares:
		compress:
		compress: {}

		headers:
		headers:
		stsSeconds: 63072000

traefik/dynamic_conf/tls.yml

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		tls:
		options:
		default:
		minVersion: VersionTLS12

		cipherSuites:
		- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
		- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
		- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
		- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
		- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
		- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305