Questions regarding my Traefik 3 configuration

Hello,
I have a few questions regarding my docker compose file.

  1. Do I need to explicitly set entryPoints.websecure.http.tls = true if I set a certResolver? Does the same go for dnschallenge?
  2. Do I have to set the certresolver within labels when I set it to letsEncrypt in the static configuration? Does this apply to other containers as well where I enable Traefik?
  3. Can TLS be set to minimum TLS1.3 within the compose file? (Currently using an external file)

```yaml
tls:
  options:
    default:
      minVersion: VersionTLS13
```

  4. Can I improve my compose file in any way?

```yaml
services:
  traefik:
    container_name: traefik
    image: traefik:v3.0.1
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
    # API
      - --api=true
      - --api.disabledashboardad=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik_backend
      - --providers.file.directory=/container/rules
    # Entry-Points: Web & Websecure
      - --entryPoints.web.address=:80
      - --entryPoints.web.http.redirections.entryPoint.to=websecure
      - --entryPoints.websecure.address=:443
      - --entryPoints.websecure.asDefault=true
      - --entryPoints.websecure.http3=true
      - --entryPoints.websecure.http.tls=true
      - --entryPoints.websecure.http.tls.certResolver=letsEncrypt
      - --entryPoints.websecure.http.tls.domains[0].main=${DOMAIN}
      - --entryPoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
      - --entryPoints.websecure.http.tls.options=tls@file
    # Certificate Resolvers: LetsEncrypt - DNS Challenge
      #- --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory # Default
      - --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory # Staging
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesresolvers.letsEncrypt.acme.email=${CF_EMAIL}
      - --certificatesresolvers.letsEncrypt.acme.storage=/container/tls/acme.json
    environment:
      - DOMAIN=${DOMAIN}
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - CF_EMAIL=${CF_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN}
      - TRAEFIK_BASICAUTH=${TRAEFIK_BASICAUTH}
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)
      - traefik.http.routers.traefik.tls.certresolver=letsEncrypt
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}
    networks:
      frontend:
      backend:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/rules:/container/rules
      - ./data/tls:/container/tls
networks:
  frontend:
  backend:
    # Compose accepts ipv4_address per service (services.<name>.networks.<network>),
    # together with a subnet in this network's ipam config.
    ipv4_address: 10.0.0.1
```

I tried to piece everything together myself but I have a really hard time with the docs.

  1. No
  2. No and Yes
  3. No, only with an external dynamic config file
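
A consistency check for the configuration discussed in this thread, as an added example that is not part of the original posts or of Traefik's tooling: it cross-checks the static flags against the TLS options in the dynamic file and flags the staging CA. The function names are hypothetical, and the sample input is constructed from the flags and the `tls.options.default` snippet quoted in the question.

```python
# Added example: FLAGS and DYNAMIC are constructed from the config quoted
# in the question; parse_flags() and audit() are hypothetical helper names.
FLAGS = [
    "--entryPoints.websecure.http.tls.options=tls@file",
    "--certificatesresolvers.letsEncrypt.acme.caserver="
    "https://acme-staging-v02.api.letsencrypt.org/directory",
]
DYNAMIC = {"tls": {"options": {"default": {"minVersion": "VersionTLS13"}}}}


def parse_flags(flags):
    """Turn '--a.b=c' flags into {'a.b': 'c'}; keys are lowercased because
    the page's own flags mix casings."""
    out = {}
    for flag in flags:
        key, _, value = flag.lstrip("-").partition("=")
        out[key.lower()] = value
    return out


def audit(flags, dynamic):
    """Return a list of findings about TLS options and the ACME CA."""
    static = parse_flags(flags)
    options = dynamic.get("tls", {}).get("options", {})
    findings = []
    for key, ref in static.items():
        if not (key.startswith("entrypoints.") and key.endswith(".http.tls.options")):
            continue
        name, _, provider = ref.partition("@")
        # A 'name@file' reference must match a key under tls.options in the file.
        if provider == "file" and name not in options:
            findings.append(f"{key}: '{ref}' not defined; file has {sorted(options)}")
    # The set named 'default' applies when a router names no TLS options.
    min_version = options.get("default", {}).get("minVersion")
    if min_version != "VersionTLS13":
        findings.append(f"default minVersion is {min_version}, expected VersionTLS13")
    for key, value in static.items():
        if key.endswith(".acme.caserver") and "acme-staging" in value:
            findings.append(f"{key}: staging CA, certificates are not browser-trusted")
    return findings


if __name__ == "__main__":
    for finding in audit(FLAGS, DYNAMIC):
        print(finding)
```
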
