move tls configuration from static configuration to dynamic configuration

2020-11-06 17:55:48 +01:00 · 2020-11-06 17:55:48 +01:00 · 85ca1d8890
commit 85ca1d8890
parent f119bd7c37
3 changed files with 18 additions and 16 deletions
--- a/config/dynamic/tls.yml
+++ b/config/dynamic/tls.yml
@ -0,0 +1,11 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
--- a/config/traefik.toml
+++ b/config/traefik.toml
@ -34,6 +34,10 @@
  exposedByDefault = false
  defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"

+[providers.file]
+  directory = "/etc/traefik/dynamic"
+  watch = true
+
 [certificatesResolvers.default.acme]
  email = "hostmaster@zom.bi"
  storage = "/cert/acme.json"
@ -48,18 +52,4 @@
  keyFile = "cert/bitmask.me.origin.key"
 [[tls.certificates]]
  certFile = "cert/grun.host.origin.pem"
-  keyFile = "cert/grun.host.origin.key"
-
-[tls.options]
-  [tls.options.default]
-    minVersion = "VersionTLS12"
-    cipherSuites = [
-      "TLS_CHACHA20_POLY1305_SHA256",
-      "TLS_AES_128_GCM_SHA256",
-      "TLS_AES_256_GCM_SHA384",
-      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
-    ]
-  [tls.options.mintls13]
-    minVersion = "VersionTLS13"
+  keyFile = "cert/grun.host.origin.key"