After many, many attempts to get an A+ rating on ssllabs, and going through all topics that seemed related, I've come to the point where I need help. I'm using the following configuration to have multiple containers use at least TLS 1.2.
traefik.yaml

```yaml
global:
  checkNewVersion: false
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
  file:
    filename: /etc/traefik/traefikfile.yaml
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
tls:
  options:
    default:
      minVersion: "VersionTLS12"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
      sniStrict: true
certificatesResolvers:
  default:
    acme:
      email: some@email.com
      storage: /etc/traefik/acme/acmev2.json
      keyType: EC384
      httpChallenge:
        entryPoint: http
api:
  dashboard: true
```
and the labels of a single container

```yaml
labels:
  - traefik.enable=true
  - traefik.http.routers.servicename.rule=Host(`some.domain.com`)
  - traefik.http.routers.servicename.tls=true
  - traefik.http.routers.servicename.tls.options=default
  - traefik.http.routers.servicename.tls.certresolver=default
```
I've also tried without the `tls.options` label, as that would make sense, but neither gave the result I was looking for.
There is currently also no mention of any TLS options being set in the DEBUG log.
Can anyone tell me what I'm doing wrong?
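
To check from outside whether the `minVersion` and `cipherSuites` in the configuration above are actually enforced, the following Go program (an added example, not part of the original post or of Traefik) attempts the handshakes that policy should refuse. The `outside` list and the `probe` and `audit` names are choices of this example; the cipher constants are Go `crypto/tls` names, which the option values in the post mirror.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
)

// Suites outside the four-entry cipherSuites list in the post; a server that
// enforces that list must refuse a TLS 1.2 client offering only these.
var outside = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// probe reports whether a handshake pinned to one protocol version succeeds.
// Certificate validation is skipped: only policy is inspected, no data is sent.
func probe(addr, sni string, version uint16, suites []uint16) bool {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: sni, MinVersion: version,
		MaxVersion: version, CipherSuites: suites, InsecureSkipVerify: true})
	if err != nil {
		return false
	}
	conn.Close()
	return true
}

// audit returns one finding per way the endpoint deviates from the posted
// tls.options; an empty result means minVersion and cipherSuites are in force.
func audit(addr, sni string) []string {
	var findings []string
	for _, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11} {
		if probe(addr, sni, v, nil) {
			findings = append(findings, fmt.Sprintf("TLS 1.%d accepted: minVersion not applied", v-tls.VersionTLS10))
		}
	}
	if !probe(addr, sni, tls.VersionTLS12, nil) {
		findings = append(findings, "TLS 1.2 refused: endpoint unreachable or SNI rejected")
	} else if probe(addr, sni, tls.VersionTLS12, outside) {
		findings = append(findings, "suite outside cipherSuites accepted: list not applied")
	}
	return findings
}

func main() {
	if len(os.Args) == 3 { // arguments: <host:port> <sni-name>
		fmt.Printf("%q\n", audit(os.Args[1], os.Args[2]))
	}
}
```

Run it with the endpoint and SNI name as arguments, for example `some.domain.com:443 some.domain.com`; an empty list means the options are in force. If TLS 1.0 or 1.1 still connect, note that Traefik documents `tls.options` as dynamic configuration, which in this setup is loaded by the file provider (`/etc/traefik/traefikfile.yaml`) rather than from the static `traefik.yaml`.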