woah!
just found the solution myself...:
As
tls.options
is a dynamic configuration, you will have to use the File Provider with the following configuration in your traefik.toml file:
I therefore put my tls config into a file dynamically loaded from the directory specified in the traefik.yaml
Original Post:
Hey there, I am having the same warnings and down ratings as OP, but thought, I had done everything right by having the foloowing in my traefik.yml:
tls:
options:
default:
minVersion: VersionTLS12
sniStrict : true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
Nevertheless, I figured out, that I had to set the certresolver manually in my docker labels, too - do I also have to put the tls options there a second time?! WOuld be surprised...my docker-compose.yml looks like this re/ the labels:
labels:
- traefik.enable=true
- traefik.docker.network=internal
- traefik.http.services.nextcloud-http.loadbalancer.server.port=80
- traefik.http.routers.nextcloud-https.rule=Host(`nextcloud.domain.tld`)
- traefik.http.routers.nextcloud-https.entrypoints=https
- traefik.http.routers.nextcloud-https.service=nextcloud-http
- traefik.http.routers.nextcloud-https.tls=true
- traefik.http.routers.nextcloud-https.tls.certresolver=le
- traefik.http.routers.nextcloud-https.middlewares=headers-security-nc@file,nc-redirect-wellknown
What am I missing?!?
Thanks a lot in advance