After many, many attempts to get an A+ rating on ssllabs, and going through all topics that seemed related, I've come to the point where I need help. I'm using the following configuration to have multiple containers use at least TLS 1.2.
```yaml
global:
  checkNewVersion: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
  file:
    filename: /etc/traefik/traefikfile.yaml

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

tls:
  options:
    default:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
      sniStrict: true

certificatesResolvers:
  default:
    acme:
      email: firstname.lastname@example.org
      storage: /etc/traefik/acme/acmev2.json
      keyType: EC384
      httpChallenge:
        entryPoint: http

api:
  dashboard: true
```
and the labels of a single container
```yaml
labels:
  - traefik.enable=true
  - traefik.http.routers.servicename.rule=Host(`some.domain.com`)
  - traefik.http.routers.servicename.tls=true
  - traefik.http.routers.servicename.tls.options=default
  - traefik.http.routers.servicename.tls.certresolver=default
```
I've also tried without the tls.options label, as that would make sense, but neither gave the result I was looking for.
There is currently also no mention of any TLS options being set in the DEBUG log.
Can anyone tell me what I'm doing wrong?
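An added example, not part of the original post: Traefik reads `tls.options` from the dynamic configuration rather than from the static file, so one arrangement is to move that block into the file-provider file the post already references. It assumes `/etc/traefik/traefikfile.yaml` contains no other `tls` section; every key and value is taken from the post.

```yaml
# --- Static configuration (the file shown in the post) ---
# The top-level "tls:" block is removed from here; the file provider
# entry stays so the dynamic file below gets loaded.
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
  file:
    filename: /etc/traefik/traefikfile.yaml

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
---
# --- Dynamic configuration: /etc/traefik/traefikfile.yaml ---
# The same options block as in the post, now in a file that the
# file provider parses as dynamic configuration.
tls:
  options:
    default:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
      sniStrict: true
```

The `---` separator only divides the two files for display; each part goes into its own file.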