By default, I receive cert B. I want to tune options for A+, but based on the current documentation I cannot do it.
I saw a configuration based on the traefik.toml file, but how do I implement the same using docker compose?
This is my service:
```yaml
version: "3.7"
services:
  nginx:
    container_name: rs_nginx
    image: nginx:stable-alpine
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.mysite.rule=Host(`sub.domain.com`)
      - traefik.http.routers.mysite.entrypoints=websecure
      - traefik.http.routers.mysite.tls.certresolver=le
networks:
  default:
    external:
      name: proxy
```
And a separate docker-compose.yaml for traefik:
```yaml
version: "3.7"
services:
  reverse-proxy:
    container_name: traefic
    image: "traefik:v2.1"
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "storage:/storage"
    restart: always
    command:
      # - --log.level=DEBUG
      # - --api.insecure
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --certificatesresolvers.le.acme.email=email@example.com
      - --certificatesResolvers.le.acme.storage=/storage/acme.json
      - --certificatesResolvers.le.acme.httpChallenge=true
      - --certificatesResolvers.le.acme.httpChallenge.entryPoint=web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
volumes:
  storage:
networks:
  default:
    external:
      name: proxy
```
Minikea
February 12, 2020, 4:30pm
2
You could try to add in labels:
```yaml
- "traefik.tls.options.default.minVersion=VersionTLS12"
```
@Minikea thanks, but it doesn't work for me.
Minikea
February 12, 2020, 5:35pm
4
> In the above example, we've used the file provider to handle these definitions. It is the only available method to configure the certificates (as well as the options and the stores)

so no other option than file provider.
@Minikea I have created a traefik.yaml file but got the same result. Any ideas?
```yaml
providers:
  docker:
    exposedByDefault: false
api:
  dashboard: true
  insecure: true
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
certificatesResolvers:
  le:
    acme:
      email: email@example.com
      storage: /storage/acme.json
      httpChallenge:
        entryPoint: web
http:
  middlewares:
    redirect-to-https:
      redirectscheme:
        scheme: https
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints: web
      middlewares: redirect-to-https
log:
  level: DEBUG
tls:
  options:
    default:
      minVersion: VersionTLS12
```
And docker-compose.yaml:
```yaml
version: "3.7"
services:
  reverse-proxy:
    container_name: traefic
    image: "traefik:v2.1"
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yaml:/etc/traefik/traefik.yaml:ro"
      - "storage:/storage"
    restart: always
volumes:
  storage:
networks:
  default:
    external:
      name: proxy
```
ldez
February 13, 2020, 1:12am
6
In v2, the dynamic configuration and the static configuration must be defined in separate files:
traefik.yml
```yaml
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
api:
  insecure: true
log:
  level: DEBUG
providers:
  docker:
    exposedByDefault: false
  file:
    directory: /dynconfig/
certificatesResolvers:
  le:
    acme:
      email: email@example.com
      storage: /storage/acme.json
      httpChallenge:
        entryPoint: web
```
/dynconfig/myconfig.yml
```yaml
http:
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints: web
      middlewares: redirect-to-https
  middlewares:
    redirect-to-https:
      redirectscheme:
        scheme: https
tls:
  options:
    default:
      minVersion: VersionTLS12
```
docker-compose.yml
```yaml
version: "3.7"
services:
  reverse-proxy:
    image: traefik:v2.1
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 127.0.0.1:8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yaml:/etc/traefik/traefik.yaml:ro
      - ./dynconfig/:/dynconfig/
      - storage:/storage
    restart: always
volumes:
  storage:
networks:
  default:
    external:
      name: proxy
```
You can find examples of the global redirection pattern in the documentation:
https://docs.traefik.io/v2.1/migration/v1-to-v2/#http-to-https-redirection-is-now-configured-on-routers
@bobahvas Please open a new topic instead of hijacking others' topics.
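The static/dynamic split described in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the Traefik project: a small Python check that flags top-level sections placed in the wrong kind of file. The section name lists are an assumption based on the Traefik v2 configuration layout, the sample input is constructed from the single-file attempt earlier in the thread, and the key scan only handles block-style YAML like the files shown here.

```python
import re

# Assumption: top-level section names of Traefik v2 configuration (lowercased).
# Static sections are read once at startup (traefik.yml or CLI flags);
# dynamic sections must come from a provider such as the file provider.
STATIC = {"global", "serverstransport", "entrypoints", "providers", "api",
          "metrics", "ping", "log", "accesslog", "tracing", "hostresolver",
          "certificatesresolvers", "experimental"}
DYNAMIC = {"http", "tcp", "udp", "tls"}
TOP_LEVEL = re.compile(r"^([A-Za-z][\w-]*)\s*:")

# Constructed sample, abridged from the single-file attempt in the thread.
MIXED = """\
providers:
  docker:
    exposedByDefault: false
entryPoints:
  websecure:
    address: ":443"
http:
  middlewares:
    redirect-to-https:
      redirectscheme:
        scheme: https
log:
  level: DEBUG
tls:
  options:
    default:
      minVersion: VersionTLS12
"""


def top_level_keys(yaml_text):
    """Return the unindented mapping keys of a block-style YAML document."""
    matches = map(TOP_LEVEL.match, yaml_text.splitlines())
    return [m.group(1) for m in matches if m]


def misplaced_sections(yaml_text, role):
    """Sections that do not belong in a file of the given role.

    role is "static" (traefik.yml) or "dynamic" (file provider directory).
    """
    wrong = DYNAMIC if role == "static" else STATIC
    return [k for k in top_level_keys(yaml_text) if k.lower() in wrong]


if __name__ == "__main__":
    for key in misplaced_sections(MIXED, "static"):
        print(f"'{key}' is dynamic configuration: move it to the file provider")
```

Run against the single-file attempt, it reports `http` and `tls`, the two sections that the reply above moves into `/dynconfig/myconfig.yml`.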
@ldez first of all, sorry for the old topic
@ldez and thank you very much.
This should work but it doesn't. At least the http -> https redirect doesn't work. After this fix I will check the cert at ssllabs.
I think something is missing in my service configuration:
```yaml
version: "3.7"
services:
  nginx:
    image: nginx:stable-alpine
    container_name: rs_nginx
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.akkords.rule=Host(`staging.rush-sound.ru`)
      - traefik.http.routers.akkords.entrypoints=websecure
      - traefik.http.routers.akkords.tls.certresolver=le
    networks:
      - default
      - akkords
networks:
  default:
    external:
      name: proxy
  akkords:
```