From 85ca1d8890f4b43c9e2e777cfe7eadd30244935f Mon Sep 17 00:00:00 2001
From: Chris
Date: Fri, 6 Nov 2020 17:55:48 +0100
Subject: [PATCH] move tls configuration from static configuration to dynamic configuration

---
 config/dynamic/tls.yml | 11 +++++++++++
 config/traefik.toml | 20 +++++---------------
 docker-compose.yml | 3 ++-
 3 files changed, 18 insertions(+), 16 deletions(-)
 create mode 100644 config/dynamic/tls.yml

diff --git a/config/dynamic/tls.yml b/config/dynamic/tls.yml
new file mode 100644
index 0000000..94311c1
--- /dev/null
+++ b/config/dynamic/tls.yml
@@ -0,0 +1,11 @@
+tls:
+ options:
+ default:
+ minVersion: VersionTLS12
+ cipherSuites:
+ - TLS_CHACHA20_POLY1305_SHA256
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
diff --git a/config/traefik.toml b/config/traefik.toml
index c7a595e..c43fd81 100644
--- a/config/traefik.toml
+++ b/config/traefik.toml
@@ -34,6 +34,10 @@
 exposedByDefault = false
 defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
 
+[providers.file]
+ directory = "/etc/traefik/dynamic"
+ watch = true
+
 [certificatesResolvers.default.acme]
 email = "hostmaster@zom.bi"
 storage = "/cert/acme.json"
@@ -48,18 +52,4 @@
 keyFile = "cert/bitmask.me.origin.key"
 [[tls.certificates]]
 certFile = "cert/grun.host.origin.pem"
- keyFile = "cert/grun.host.origin.key"
-
-[tls.options]
- [tls.options.default]
- minVersion = "VersionTLS12"
- cipherSuites = [
- "TLS_CHACHA20_POLY1305_SHA256",
- "TLS_AES_128_GCM_SHA256",
- "TLS_AES_256_GCM_SHA384",
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- ]
- [tls.options.mintls13]
- minVersion = "VersionTLS13"
\ No newline at end of file
+ keyFile = "cert/grun.host.origin.key"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 8cf8eb4..ce50979 100644
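Review bot: The first three `cipherSuites` entries in the new `default` option (`TLS_CHACHA20_POLY1305_SHA256`, `TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`) are TLS 1.3 suites, and Go's crypto/tls, which Traefik builds on, does not let configuration restrict TLS 1.3 suites, so they are accepted but have no effect and the list effectively only governs TLS 1.2. That TLS 1.2 list is ECDHE-RSA only, so a server certificate with an ECDSA key (including an ACME-issued one, should the resolver's key type ever change) would leave TLS 1.2 clients with no usable suite. Either add the `TLS_ECDHE_ECDSA_WITH_*` counterparts or record the assumption above the list: `# TLS 1.3 suites are fixed by Go; the list below only governs TLS 1.2 and assumes RSA certificates`.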
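Review bot: With `watch = true`, anything written to `/etc/traefik/dynamic` is applied as live configuration, and a file there can define routers, services and middlewares, so write access to the host directory behind it amounts to control of the proxy. A comment above `[providers.file]` should make that trust boundary explicit, e.g. `# dynamic config: files here are applied live; keep the mount :ro and the host dir operator-owned`. Whether the `[providers.docker]` settings that precede this hunk share the same model is outside the hunk.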
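Review bot: The surviving `+ keyFile` line keeps the `[[tls.certificates]]` entries in the static `traefik.toml`, but in Traefik v2 `tls.certificates` is dynamic configuration just like the `tls.options` this commit moves, so the move looks incomplete — those entries belong in `config/dynamic/tls.yml` next to the options, and if Traefik rejects unknown static fields they would not be served from here at all. The removed `mintls13` option also has no counterpart in the new YAML, so any router selecting it would no longer find it; carry it over or state in the commit message that it is dropped on purpose. The file still ends without a trailing newline, which this rewrite of the file end could fix. The start of the static TLS section lies before this hunk.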
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@
 version: '2'
 services:
 proxy:
- image: traefik:v2.1
+ image: traefik:v2.3
 ports:
 - "80:80"
 - "443:443"
@@ -10,6 +10,7 @@ services:
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 - "./cert/:/cert/"
 - "./config/:/etc/traefik/:ro"
+ - "./config/dynamic/:/etc/traefik/dynamic/:ro"
 labels:
 - "traefik.enable=true" # set to true to expose the Monitoring & API
 # middleware redirect
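Review bot: The added bind mount is redundant: the line above it already mounts `./config/` read-only at `/etc/traefik/`, so `./config/dynamic/` is already visible at `/etc/traefik/dynamic/`, and the new line mounts the same host directory over the path where it already appears. Dropping it avoids two mounts for one directory that can drift apart (for instance one later losing `:ro`); if it is kept to make the dynamic directory explicit, a comment such as `# dynamic config watched by providers.file; must stay :ro` would say why. Because the provider watches this directory and applies files live, the `:ro` flag is the control that matters here.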