...
/!\ The ports configured here are 80 and 443; make sure they are free. Port 80 is mandatory for the ACME HTTP challenge (Let’s Encrypt).
Code Block |
---|
|
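# Traefik static configuration (read once at start-up).
# Nesting restored: with every key at column 0 the file does not parse as
# the intended structure (duplicate top-level `http` keys, empty `api`).

api:
  # Enables the dashboard/API handlers. They are only reachable through a
  # router that targets the internal api service; that router is not shown
  # in this file. Put an authentication middleware on it (this page defines
  # `user-auth` in the dynamic file) before exposing it.
  dashboard: true

entryPoints:
  web:
    # Port 80 stays open for the ACME HTTP-01 challenge; everything else is
    # redirected to the TLS entry point.
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: ":443"
    http:
      # Applied to every router attached to this entry point.
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt

providers:
  docker:
    # Access to the Docker socket is equivalent to root on the host. A
    # read-only bind mount does not restrict the Docker API; consider a
    # socket proxy that exposes only the read endpoints Traefik needs.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are published only when they opt in with traefik.enable.
    exposedByDefault: false
  file:
    # Path as seen inside the Traefik container.
    filename: /configurations/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      # Placeholder: replace with a monitored mailbox (expiry notices).
      email: contact@YOURDOMAIN
      # Holds the ACME account key and the certificates' private keys.
      # Traefik refuses the file unless its mode is 600. Keep it on a
      # persistent volume so restarts do not re-request certificates and
      # run into Let's Encrypt rate limits.
      storage: acme.json
      keyType: EC384
      # While testing, point at the staging CA to stay clear of rate limits:
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        entryPoint: web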
|
...
Code Block |
---|
vi traefik/configurations/dynamic.yml |
Code Block |
---|
|
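# Dynamic configuration (file provider, loaded from
# /configurations/dynamic.yml inside the container).
# Nesting restored: the flattened listing does not parse as intended.
http:
  middlewares:
    secureHeaders:
      headers:
        # NOTE(review): sslRedirect is deprecated in recent Traefik v2
        # releases and absent in v3. The `web` entry point redirection in
        # the static configuration already forces HTTPS; confirm against
        # the Traefik version in use before relying on this key.
        sslRedirect: true
        forceSTSHeader: true
        # HSTS for one year, covering every subdomain, with the preload
        # flag. Keep includeSubdomains/preload only if every subdomain
        # serves valid TLS: browsers cache the policy and removal from
        # preload lists is slow.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

    # Defined here but protects nothing until a router lists it
    # (as `user-auth@file` from Docker labels).
    user-auth:
      basicAuth:
        users:
          # Placeholder. Generate the entry with `htpasswd -nB username`.
          # Use single `$` in this file: doubling to `$$` is only needed in
          # docker-compose files, where `$` starts variable interpolation.
          # A doubled hash here never matches, so every login is rejected.
          # Prefer `usersFile` to keep hashes out of version control.
          - "username:$2y$05$hashed_password"

  # Example router/service for a backend that is not a Docker container.
  # The router's `service` must name a key under `services`.
  # routers:
  #   example:
  #     rule: "Host(`example.YOURDOMAIN`)"
  #     service: example-secured
  #     entryPoints:
  #       - websecure
  #     tls:
  #       certResolver: letsencrypt
  # services:
  #   example-secured:
  #     loadBalancer:
  #       servers:
  #         - url: "http://YOURSTATIC_IP:YOURSTATIC_PORT"

tls:
  options:
    default:
      # AEAD suites with forward secrecy only. This list governs TLS 1.2;
      # TLS 1.3 suites are not configurable and are unaffected by it.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      # Rejects TLS 1.0/1.1 clients.
      minVersion: VersionTLS12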
|
...