famedly / ansible-collection-network

`famedly.network` ansible collection for network-related services (vpn, reverse proxies, ...)
GNU Affero General Public License v3.0

refactor(traefik): build tls config in yaml and avoid using jinja to template yaml - [merged] #29

Closed famedly-bot closed 1 year ago

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Aug 19, 2022, 08:23

Merges transcaffeine/traefik-template-refactor -> main

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 10:33

Commented on roles/traefik/templates/tls.yml.j2 line 1

Replace this template task with a copy task including a content parameter instead

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 10:33

Commented on roles/traefik/defaults/main.yml line 115

This looks good in general, but how much was this tested? A --diff --check run against a few hosts would be nice to see if this works and whether it changes the config and how.

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 10:33

LGTM in general, if this has been extensively tested I'm happy with it

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Aug 19, 2022, 11:46

Commented on roles/traefik/defaults/main.yml line 115

It reorders all keys, making the --diff --check incredibly hard to verify, but against all of test the options were the same.

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Aug 19, 2022, 11:48

resolved all threads

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:49

resolved all threads

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:49

approved this merge request

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:49

unapproved this merge request

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:50

resolved all threads

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:50

Commented on roles/traefik/templates/tls.yml.j2 line 1

created #8 to continue this discussion

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Aug 19, 2022, 11:50

Commented on roles/traefik/defaults/main.yml line 115

--- before: /opt/traefik/config.d/tls.yml                                                                                                                                                                                                                                      
+++ after: /home/transcaffeine/.ansible/tmp/ansible-local-531034apv1f1ht/tmpj0qyveo0/tls.yml.j2                                                                                                                                                                                
@@ -1,31 +1,30 @@  
-tls:                                                                                                                                                                                                                                                               [190/41474]
-  options:                                                                                                                                                                                                                                                                    
-    lax:                                                                                                                                                                                                                                                                      
-      preferServerCipherSuites: true                                                                                                                                                                                                                                          
-    nosni:                                                                                                                                                                                                                                                                    
-      minVersion: "VersionTLS12"                                                                                                                                                                                                                                              
-      sniStrict: false                                                                                                                                                                                                                                                        
-      preferServerCipherSuites: true                                                                                                                                                                                                                                          
-    default:                                                                                                                                                                                                                                                                  
-      minVersion: "VersionTLS12"                                                                                                                                                                                                                                              
-      sniStrict: true                                                                                                                                                                                                                                                         
-      preferServerCipherSuites: true                                                                                                                                                                                                                                          
-      cipherSuites:                                                                                                                                                                                                                                                           
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                                                                                                                                                                                                                               
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                                                                                                                                                                                                                               
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256                                                                                                                                                                                                                         
-    strict:                                                                                                                                                                                                                                                                   
-      minVersion: "VersionTLS13"                                                                                                                                                                                                                                              
-      sniStrict: true                                                                                                                                                                                                                                                         
-      preferServerCipherSuites: true                                                                                                                                                                                                                                          
-  certificates:                                                                                                                                                                                                                                                               
-    - certFile: /opt/traefik/certs/vitos.messaging.int.curamenta.corp.pem                                                                                                                                                                                                     
-      keyFile: /opt/traefik/certs/vitos.messaging.int.curamenta.corp.key                                                                                                                                                                                                      
-                                                                                                                                      
 http:                                                             
   middlewares:                                                                                                                        
     hsts:                                                                                                                             
       headers:                                                    
+        stsIncludeSubdomains: true                                
         stsPreload: true                                                                                                              
         stsSeconds: 31536000                                                                                                          
-        stsIncludeSubdomains: true                                
+tls:                                                              
+  certificates:                                                   
+  - certFile: /opt/traefik/certs/vitos.messaging.int.curamenta.corp.pem                                                               
+    keyFile: /opt/traefik/certs/vitos.messaging.int.curamenta.corp.key                                                                
+  options:                                                        
+    default:                                                      
+      cipherSuites:                                                                                                                   
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                                                                                         
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                                                                                         
+      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256                                                                                   
+      minVersion: VersionTLS12                                                                                                        
+      preferServerCipherSuites: true                                                                                                  
+      sniStrict: true                                                                                                                 
+    lax:                                                                                                                              
+      preferServerCipherSuites: true                              
+    nosni:                                                                                                                            
+      minVersion: VersionTLS12                                                                                                        
+      preferServerCipherSuites: true                              
+      sniStrict: false                                            
+    strict:                                                       
+      minVersion: VersionTLS13                                    
+      preferServerCipherSuites: true                              
+      sniStrict: true                                             
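Review bot: the hunk is a pure reorder and should be verified as one: every key and value on the `-` side reappears on the `+` side, the only differences being alphabetical key order, sequences indented at the level of their parent key, and `minVersion: "VersionTLS12"` losing its quotes, none of which Traefik will see as a change. Rather than eyeballing 30 moved lines, load both sides as YAML and compare the parsed data; the `after` path still ends in `tls.yml.j2` (`.../tmpj0qyveo0/tls.yml.j2`), so this run also went through the template module and not yet the `copy` task with `content` requested on line 1 of the template. Two pre-existing points worth recording while the profiles are in view: `lax` sets only `preferServerCipherSuites` and no `minVersion`, so it runs on whatever Traefik's default minimum is, and `nosni` sets `sniStrict: false`; neither is introduced here, but both should be documented as deliberate exceptions to `default`.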
changed: [vitos.messaging.int.curamenta.corp] => (item=tls)
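As an added example (not code from the collection or this MR): the two sides of the `--diff --check` output above differ only in key order, list indentation and scalar quoting, which is exactly what a textual diff cannot confirm. The script below parses both sides with a small parser for the YAML subset Traefik's dynamic configuration uses (in a real check one would use PyYAML's `yaml.safe_load`; the hand-written parser keeps the example standard-library only), reports leaf-level differences while ignoring mapping key order, and lists option profiles that set no `minVersion`. The `BEFORE`/`AFTER` documents and the `example.pem`/`example.key` paths are constructed to mirror the hunk, not taken from a real host.

```python
# Added example, not code from the famedly collection: compare two rendered Traefik
# tls.yml files as parsed data, so a key-reordering refactor can be verified as a no-op
# even though `ansible-playbook --diff --check` reports a full rewrite. Samples are constructed.
import re

MISSING = "<missing>"

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def _scalar(tok):
    tok = tok.strip()
    if len(tok) >= 2 and tok[0] == tok[-1] and tok[0] in "\"'":
        return tok[1:-1]  # quoting is not significant: "VersionTLS12" == VersionTLS12
    if tok in ("true", "false"):
        return tok == "true"
    return int(tok) if re.fullmatch(r"-?\d+", tok) else tok

def _parse_seq(lines, i, indent):
    items = []
    while i < len(lines) and _indent(lines[i]) == indent and lines[i].lstrip().startswith("- "):
        rest = lines[i].lstrip()[2:]
        if ":" in rest and rest[0] not in "\"'":
            # "- key: value" opens a mapping item: re-indent the line by two columns
            # and parse the item as a mapping starting on it.
            lines[i] = " " * (indent + 2) + rest
            value, i = _parse_map(lines, i, indent + 2)
        else:
            value, i = _scalar(rest), i + 1
        items.append(value)
    return items, i

def _parse_map(lines, i, indent):
    mapping = {}
    while i < len(lines) and _indent(lines[i]) == indent and not lines[i].lstrip().startswith("- "):
        key, _, rest = lines[i].strip().partition(":")
        i += 1
        if rest.strip():
            mapping[key] = _scalar(rest)
        elif i < len(lines) and _indent(lines[i]) > indent:
            sub = _parse_seq if lines[i].lstrip().startswith("- ") else _parse_map
            mapping[key], i = sub(lines, i, _indent(lines[i]))
        elif i < len(lines) and _indent(lines[i]) == indent and lines[i].lstrip().startswith("- "):
            # to_nice_yaml emits sequences at the same indent as their parent key
            mapping[key], i = _parse_seq(lines, i, indent)
        else:
            mapping[key] = None
    return mapping, i

def load_yaml_subset(text):
    """Nested mappings, sequences of scalars/mappings, plain scalars; top level is a mapping."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    doc, end = _parse_map(lines, 0, _indent(lines[0]))
    if end != len(lines):
        raise ValueError(f"unparsed input at line {end + 1}: {lines[end]!r}")
    return doc

def semantic_diff(before, after, path=""):
    """Leaf differences as (path, before, after); key order ignored, sequence order kept."""
    if isinstance(before, dict) and isinstance(after, dict):
        return [d for k in sorted(set(before) | set(after)) for d in semantic_diff(
            before.get(k, MISSING), after.get(k, MISSING), f"{path}.{k}" if path else k)]
    if isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        return [d for n, (b, a) in enumerate(zip(before, after)) for d in semantic_diff(b, a, f"{path}[{n}]")]
    return [] if before == after else [(path, before, after)]

def options_without_min_version(doc):
    """TLS option profiles that set no minVersion and so run on Traefik's built-in default."""
    return sorted(n for n, c in doc.get("tls", {}).get("options", {}).items() if "minVersion" not in (c or {}))

# Constructed samples mirroring the MR diff: hand-written template vs. to_nice_yaml output.
BEFORE = """\
tls:
  options:
    lax:
      preferServerCipherSuites: true
    default:
      minVersion: "VersionTLS12"
      sniStrict: true
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  certificates:
    - certFile: /opt/traefik/certs/example.pem
      keyFile: /opt/traefik/certs/example.key
"""
AFTER = """\
tls:
  certificates:
  - certFile: /opt/traefik/certs/example.pem
    keyFile: /opt/traefik/certs/example.key
  options:
    default:
      cipherSuites:
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
      minVersion: VersionTLS12
      sniStrict: true
    lax:
      preferServerCipherSuites: true
"""
```

`semantic_diff(load_yaml_subset(BEFORE), load_yaml_subset(AFTER))` returns an empty list for the constructed samples, and `options_without_min_version` flags `lax` as the one profile with no `minVersion`. Sequence order is deliberately kept significant, since `cipherSuites` is a preference list; a flipped `sniStrict` or a dropped key shows up with its full path. The same comparison can be driven from the two files `--diff` names, or wired into a Molecule/CI run so the reorder stays a verified no-op rather than an eyeballed one.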

famedly-bot commented 2 years ago

In GitLab by @jcgruenhage on Aug 19, 2022, 11:50

approved this merge request