davestephens / ansible-nas

Build a full-featured home server or NAS replacement with an Ubuntu box and this playbook.
MIT License
3.25k stars, 490 forks

Hardening SSL #432

Open georgejung opened 3 years ago

georgejung commented 3 years ago

Is your feature request related to a problem? Please describe.
Want to have something as secure as is possible, being usable. SSL Check by default gives me B rating (https://www.ssllabs.com/ssltest/) due to TLS 1, and weak ciphers.

Describe the solution you'd like
Integrate dynamic config file into the role. The minimum TLS version and accepted ciphers can be set in a dynamic_conf.toml file. If we put that in our templates folder, reference it in our traefik.toml, and update the tasks/main.yml then we can harden the connection significantly, and I have not lost any functionality.

I was able to set the minimum TLS version but the ciphers haven't seemed to work for me yet in traefik 2.4. I had both minimum TLS and ciphers working in my traefik.toml (v1.7).

Describe alternatives you've considered
None

Additional context
https://github.com/georgejung/ansible-nas/tree/master/roles/traefik

I forked and made the changes for this specific issue in the above repo. I was hesitant to do a pull request since I didn't do all of the testing required, but that is my working code, for whatever it's worth.

Thanks again for everyone's work on this project.

HitLuca commented 2 years ago

@georgejung You made the same mistake as me: not mounting the new dynamic configuration in the traefik docker container!
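A worked configuration for the two-file setup georgejung describes and the missing container mount HitLuca points out, as an added example rather than the fork's actual files; the file paths and the cipher list are assumptions, the keys are standard Traefik v2 configuration.

```toml
# --- traefik.toml (static configuration, read once at start-up) ---
# The file provider is what makes Traefik read the dynamic file at all.
# Container-side path is an assumption; it must match the mount below.
[providers.file]
  filename = "/etc/traefik/dynamic_conf.toml"
  watch = true

# --- dynamic_conf.toml (dynamic configuration) ---
# In Traefik v2, TLS options are dynamic configuration and cannot be set
# in traefik.toml, which is why a v1.7-style [entryPoints] TLS block no
# longer has any effect. The "default" option applies to every router
# that does not name a tls.options entry of its own.
[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"
    sniStrict = true
    # Only constrains TLS 1.2 handshakes: Go (and therefore Traefik) does
    # not allow restricting the TLS 1.3 cipher suites, so a scanner will
    # still list the TLS 1.3 suites regardless of this list.
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
    ]

# The dynamic file must exist inside the container, e.g. with docker run:
#   -v /opt/traefik/dynamic_conf.toml:/etc/traefik/dynamic_conf.toml:ro
# (host path is an assumption; match whatever the role templates to).
```

In the ansible-nas role this means adding the same host:container pair to the `volumes` list of the traefik `docker_container` task alongside the existing traefik.toml mount; a quick check that it took effect is that the Traefik log no longer reports the file provider failing to read the path.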