TLS Options Configuration Docker Label based

seoka · November 11, 2019, 4:52pm

Hey there,
I would like to request t a feature. As TLS Options are treated as dynamic Configuration I would expect my docker-compose file to work as a charm. I like keeping the Configuration from any Volumes mounted to the Host.

version: '3.7'
services:
  traefik:
    image: traefik:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.seoka.tld`, `traefik.seoka.othertld`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.middlewares=authy"

      - "traefik.http.routers.https-redirect.rule=HostRegexp(`{any:.+}`)"
      - "traefik.http.routers.https-redirect.middlewares=https-redirect"
      - "traefik.http.routers.https-redirect.service=dummy"
      - "traefik.http.routers.https-redirect.entrypoints=http"

      - "traefik.http.middlewares.default.chain.middlewares=caterror,toManyRequests,compressor,retrys"

      - "traefik.http.middlewares.compressor.compress=true"

      - "traefik.http.middlewares.caterror.errors.status=400-599"
      - "traefik.http.middlewares.caterror.errors.service=caterror"
      - "traefik.http.middlewares.caterror.errors.query=/{status}"

      - "traefik.http.middlewares.toManyRequests.inflightreq.amount=20"

      - "traefik.http.middlewares.retrys.retry.attempts=10"

#      - "traefik.tls.options.default.minVersion=VersionTLS12"
#      - "traefik.tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
#      - "traefik.tls.options.default.sniStrict=true"

      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.services.dummy.loadbalancer.server.url=:999"
    ports:
      - ip:80:80
      - ip:443:443
      - ip:3306:3306
    networks:
      - web
      - db
    volumes:
      - "/srv/docker/traefik/acme:/etc/traefik/acme"
      - "/var/log/traefik_4xx:/var/log/access.log"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/localtime:/etc/localtime:ro"
    hostname: traefik.seoka.tld
    restart: unless-stopped
    env_file:
      - configuration.env
    healthcheck:
      test: ["CMD", "traefik", "healthcheck"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 1m

  errorCats:
    image: alpine/socat
    command: -x tcp-listen:80,fork,reuseaddr OPENSSL:http.cat:443
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.caterror.loadbalancer.server.port=80"
    networks:
      - web


networks:
  web:
    external:
      name: web
  db:
    external:
      name: db

The commented lines are the ones in question.
Is anyone planing to implement this feature?

Kind regards,
Seoka

seoka · November 19, 2019, 12:59pm

There is a related ticket on Github.

Topic		Replies	Views
Reliably set TLS options with the docker provider Traefik v2 docker	1	1334	April 3, 2022
Disable TLS 1.0 and 1.1 for docker Traefik v2 docker	8	9393	September 18, 2020
How to correctly write the TLS data configuration at docker-compose file for TRFK-V2? Traefik v2 docker	6	3030	April 25, 2023
Custom SSL (TLS) configuration with docker Traefik v2 docker	10	805	March 11, 2024
Documentation (syntax) for tls.options Traefik v2 docker	3	519	February 10, 2020

TLS Options Configuration Docker Label based

Related Topics