How to change to Serve TLS?

Hi Team,
Any general advice on how to change this line in server_entrypoint_tcp.go from,

err := serverHTTP.Serve(listener)

to a TLS version,

err := serverHTTP.ServeTLS(listener, "cert.pem", "key.pem")

The original version is showing up in a go source code security scan.

Hello @efora

We can investigate the topic further with our engineering team, but we would love to know more about the security scan you are referring to. So we just need more context to understand what the real issue you are facing is.

Thank you,

Hello @jakubhajek

The overall issue is running anything http in the cloud these days.

The security scan is for all Go code. The scan has a finding on Serve(listener), since it's a Go HTTP function.

Entry point tcp is working as expected, allowing both http/s entry points.

Thank you,

Thank you for your answer.

We have discussed that internally and we believe that we have to keep the HTTP listener active because it is needed to support redirection from HTTP to HTTPS. This is just an example of one of the use cases.

Regarding the scanner, it might be treated as an issue, but in fact it is not impacting Traefik itself.
It is necessary to understand the report produced by such a scanner and to consider it a guide and not a target.

Please let us know your thoughts in regards to that topic.

Thank you,

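The arrangement described in the last reply, a cleartext listener kept only to redirect to HTTPS while content is served with the TLS variant, as an added example that is not Traefik's code and not part of the original thread. `redirectHandler`, the host allowlist, the ports and `example.test` are assumptions made for illustration; `cert.pem` and `key.pem` are the file names from the question.

```go
package main

import (
	"log"
	"net"
	"net/http"
)

// redirectHandler (hypothetical helper) answers every plain-HTTP request with
// a redirect to the HTTPS origin and never serves content itself.
// allowedHosts keeps an arbitrary Host header from being reflected into Location.
func redirectHandler(allowedHosts map[string]bool, httpsPort string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host := r.Host
		if h, _, err := net.SplitHostPort(r.Host); err == nil {
			host = h // drop the cleartext port
		}
		if !allowedHosts[host] {
			http.Error(w, "unknown host", http.StatusBadRequest)
			return
		}
		target := "https://" + net.JoinHostPort(host, httpsPort) + r.URL.RequestURI()
		// 308 preserves the request method and body, unlike 301/302.
		http.Redirect(w, r, target, http.StatusPermanentRedirect)
	})
}

func main() {
	hosts := map[string]bool{"example.test": true} // constructed sample value
	app := http.NewServeMux()
	app.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Tell browsers to skip the cleartext hop on later visits.
		w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		w.Write([]byte("served over TLS\n"))
	})
	// Cleartext listener: redirects only, no application handlers attached.
	go func() {
		log.Fatal(http.ListenAndServe(":8080", redirectHandler(hosts, "8443")))
	}()
	// TLS listener carries the real application.
	log.Fatal(http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", app))
}
```

When triaging a scanner finding on a plain `Serve` call, the thing to check is what the handler behind that listener can return: here it is only a redirect or a 400.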