How to disable SSL configuration when working locally

Hi there

I've a docker-compose setup for Traefik v2. It's running fine on my server, got HTTP to HTTPS, HSTS & so on. I'd like to work on this locally, but the SSL is in the way.

My first thought was, how can I disable all the SSL stuff at once so it's working as usual, without the whole redirection stuff? Maybe a docker-compose.localhost.yml override?

I also saw an example of someone using mkcert to deal with this, providing a valid localhost certificate instead of disabling SSL. Interesting, but I don't feel like shipping my setup to production with this loophole that could be dangerous. Any opinion on the matter?

For Docker, please refer to the following: -

For Kubernetes please refer to the following: -

The Traefik and Kubernetes Workshop prepared by Jakub.

I went down the 2nd possibility: relying on mkcert to have valid localhost certificates.

So I have a tls.yml conf

---
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/certs/localhost.crt.pem
        keyFile: /etc/certs/localhost.key.pem
  options:
    mintls:
      minVersion: "VersionTLS12"
      sniStrict: false # set to true for production
      cipherSuites:
        ...

The only annoying point in the setup is that I'll have to enable / disable sniStrict depending on the situation. Still thinking about how to do this cleanly.

The certs are generated with

#!/usr/bin/env bash
set -euo pipefail

if [ ! -f contrib/certs/localhost.key.pem ]; then
  ./mkcert \
    -cert-file contrib/certs/localhost.crt.pem \
    -key-file contrib/certs/localhost.key.pem \
    localhost \
    app.localhost \
    traefik.localhost \
    127.0.0.1 \
    ::1
  chmod 0600 contrib/certs/*.pem
fi

And mounted via docker-compose.yml

  traefik:
    image: traefik:v2.4
    volumes:
      - ./contrib/certs:/etc/certs
    ...

I know it doesn't match the question title, but this is the solution to my real interrogation: how to work with Traefik locally when you have TLS configured.
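The two concerns raised in the posts above, the sniStrict toggle and the risk of shipping a mkcert certificate to production, can be enforced with a pre-deploy check. The script below is an added example, not part of the original thread; the function names and sample file names are assumptions, and the match expects block-style YAML like the tls.yml above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-deploy guard for a Traefik TLS file.

# check_sni_strict FILE: succeed only if the file has at least one sniStrict
# key and every one is the bare boolean true (quoted or other values fail).
check_sni_strict() {
  # Extract each sniStrict value, dropping trailing comments.
  sni_values=$(sed -n 's/^[[:space:]]*sniStrict:[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1")
  if [ -z "$sni_values" ]; then
    echo "FAIL: no sniStrict key in $1" >&2
    return 1
  fi
  if printf '%s\n' "$sni_values" | grep -qv '^true$'; then
    echo "FAIL: sniStrict is not true in $1" >&2
    return 1
  fi
  return 0
}

# check_not_mkcert CERT: fail if the issuer names mkcert. Assumes openssl is
# installed and relies on mkcert's default CA organization,
# "mkcert development CA".
check_not_mkcert() {
  cert_issuer=$(openssl x509 -in "$1" -noout -issuer) || return 2
  case $cert_issuer in
    *mkcert*) echo "FAIL: $1 issued by: $cert_issuer" >&2; return 1 ;;
  esac
  return 0
}

# Constructed sample configs, modelled on the tls.yml in the post.
demo_dir=$(mktemp -d)
printf 'tls:\n  options:\n    mintls:\n      minVersion: "VersionTLS12"\n      sniStrict: false # set to true for production\n' \
  > "$demo_dir/tls.local.yml"
sed 's/sniStrict: false/sniStrict: true/' "$demo_dir/tls.local.yml" \
  > "$demo_dir/tls.prod.yml"

# The local file is rejected, the production variant passes.
for f in "$demo_dir/tls.local.yml" "$demo_dir/tls.prod.yml"; do
  if check_sni_strict "$f"; then echo "OK:   $f"; fi
done
rm -rf "$demo_dir"
```

check_not_mkcert takes the host-side path of the certificate (contrib/certs/localhost.crt.pem in the setup above), not the path inside the container.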
