smallstep / hello-mtls

:wave: Docs demonstrating mutual TLS configurations in various technologies
Apache License 2.0
93 stars 26 forks

Add mTLS docs for Traefik (server) #59

Closed QuingKhaos closed 3 years ago

QuingKhaos commented 4 years ago

Small mTLS docs for Traefik.

I thought about adding how to configure Traefik with ACME against step-ca in the renewal topic. WDYT?

tashian commented 4 years ago

Hi Em, thanks for this contribution! I'm going to run through this next week and make sure I can get it working for myself. This is for Traefik v2, right?

QuingKhaos commented 4 years ago

Yes, that's for Traefik v2. Should this be mentioned, and should I create one for v1.7 too?

alanchrt commented 4 years ago

I'll let @tashian follow up on his run-through, but pulled it down and this is great from a code and copy perspective! Thanks so much for the contribution. :pray:

tashian commented 4 years ago

Yes, thank you @EmiiKhaos! I tested this locally and it worked for me.

I have a couple changes to propose:

QuingKhaos commented 4 years ago

Hi @tashian, I'm currently on vacation and will be able to update this PR starting from 2020-09-21.

> Yes, I think we should mention that it's for Traefik v2, because the config is not backwards-compatible. I think it's okay to not offer a v1 config.

Goody, I'll just update the name in the config and docs.

> For server authentication, I think it's worth noting that they can use Traefik's ACME certificate resolver configuration to get and renew certificates dynamically via ACME instead of referencing static files. Traefik's ACME support is excellent. We have a mini-example here with a certificateResolvers config block for that that you could link to.

Just mention it and link the example or create a renew.md in the docs for Traefik?

tashian commented 4 years ago

Hi @EmiiKhaos, welcome back! I hope you had a nice trip. We'd love to merge this PR and I just wanted to check in with you on it. 😄

QuingKhaos commented 4 years ago

Hi @tashian, sorry for the big delay! Finally had the time to update this. Added certificate renewal and improved the server and client auth docs too.

tashian commented 3 years ago

Yay! Thanks Em!