Hy, i am starting to use traefik 2.0.
I got it working but the rating on ssllabs is only B
=> This server does not support Forward Secrecy with the reference browsers. Grade capped to B.
=> This server supports TLS 1.0 and TLS 1.1. Grade will be capped to B from January 2020.
Should i add some more configuration params ???
My configuration
Traefik compose file
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myhttpchallenge.acme.email=jhmnieuwenhuis@gmail.com"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
Pgadmin4 compose file
labels:
- "traefik.enable=true"
- "traefik.docker.network=mynetwork"
# Set up redirect on insecure port to https 443 (using an arbitrary middleware name of `pgadmin4-redirect`)
# `pgadmin4-web` is the router name for http to https redirection
- "traefik.http.routers.pgadmin4-web.entrypoints=web"
- "traefik.http.routers.pgadmin4-web.rule=Host(`pgadmin4.jhmnieuwenhuis.com`)"
- "traefik.http.middlewares.pgadmin4-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.pgadmin4-redirect.redirectscheme.permanent=true"
- "traefik.http.routers.pgadmin4-web.middlewares=pgadmin4-redirect@docker"
# Handle secure traffic (requires a separate frontend router for TLS)
# `pgadmin4-websecure` is the router name for TLS connections
- "traefik.http.routers.pgadmin4-websecure.entrypoints=websecure"
- "traefik.http.routers.pgadmin4-websecure.rule=Host(`pgadmin4.jhmnieuwenhuis.com`)"
- "traefik.http.routers.pgadmin4-websecure.tls=true"
# Define which port to connect to the service on (backend)
- "traefik.http.services.pgadmin4-service.loadbalancer.server.port=5050"