Improve SSL rating #8

Merged
decentral1se merged 1 commits from enable-better-ssl into master 2020-10-27 12:46:55 +00:00
Owner

Following https://git.autonomic.zone/coop-cloud/traefik/issues/4.

According to https://tferdinand.net/en/traefik-2-tls-configuration/.

I'm refactoring the `FILE_PROVIDER_ENABLED` out to a new env var:

  • `KEYCLOAK_MIDDLEWARE_ENABLED=1/0`

Because now, we'll always want to use this new label:

  • `- "traefik.http.routers.${STACK_NAME}.tls.options=default@file"`
  • `- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"`

Because it gives us good SSL ratings. This means we'll always want to include the `file-provider.yml` in whatever Traefik deployment we have. And sometimes disable the Keycloak support.

I'm currently deploying this for our swarm traefik + autonomic.zone...

Will report back...

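What `default@file` and `security@file` in the two labels above could resolve to in a Traefik v2 file provider, as an added example that is not the contents of this project's `file-provider.yml`. The minimum TLS version, the cipher list and the header values are assumptions chosen for illustration.

```yaml
# Dynamic configuration loaded by Traefik's file provider (illustrative values).
tls:
  options:
    # Referenced from a router label as tls.options=default@file
    default:
      minVersion: VersionTLS12        # refuse TLS 1.0 and 1.1 handshakes
      sniStrict: true                 # reject clients whose SNI matches no certificate
      cipherSuites:                   # applies to TLS 1.2; TLS 1.3 suites are not configurable
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

http:
  middlewares:
    # Referenced from a router label as middlewares=security@file
    security:
      headers:
        stsSeconds: 31536000          # HSTS lifetime of one year (assumed value)
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true          # send HSTS even if Traefik sees the request as plain HTTP
        frameDeny: true               # X-Frame-Options: DENY
        contentTypeNosniff: true      # X-Content-Type-Options: nosniff
        browserXssFilter: true        # X-XSS-Protection: 1; mode=block
```

Because both names carry the `@file` suffix, a router that uses these labels fails to get the options and middleware unless the file provider is loaded, which is why the description says `file-provider.yml` must always be included.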
Author
Owner

Was working with this env vars diff:

diff --git a/traefik.autonomic.zone.env b/traefik.autonomic.zone.env
index f772ae0..eb8555a 100644
--- a/traefik.autonomic.zone.env
+++ b/traefik.autonomic.zone.env
@@ -14,9 +14,9 @@ export TRAEFIK_YML_VERSION=v1
 
 # Enable Keycloak
 export COMPOSE_FILE="compose.yml:compose.keycloak.yml:compose.smtp.yml"
-export FILE_PROVIDER_ENABLED=1
 
 # Options for file-provider / Keycloak SSO
+export KEYCLOAK_MIDDLEWARE_ENABLED=1
 export FILE_PROVIDER_YML_VERSION=v1
 
 # SMTP setup enabled
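Review bot: `KEYCLOAK_MIDDLEWARE_ENABLED=1` is added under the "# Options for file-provider / Keycloak SSO" comment, while the other Keycloak switch, `compose.keycloak.yml` in `COMPOSE_FILE`, stays under "# Enable Keycloak" a few lines up, so turning Keycloak on or off now means editing two places that have to agree. I'd move the new export directly below the `COMPOSE_FILE` line, state in the comment that it takes 1 or 0, and reword the "Options for file-provider" comment since only `FILE_PROVIDER_YML_VERSION` remains under it. The hunk also drops `FILE_PROVIDER_ENABLED` with no comment left behind, so a short note for anyone whose env file still exports it would help.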
decentral1se changed title from WIP: improve SSL rating to Improve SSL rating 2020-10-27 12:45:55 +00:00
decentral1se merged commit 068925bed2 into master 2020-10-27 12:46:54 +00:00
decentral1se deleted branch enable-better-ssl 2020-10-27 12:48:44 +00:00
Reference: coop-cloud/traefik#8