coop-cloud
/
traefik
4
0
Fork 2
Code Issues 5 Pull Requests Releases Wiki Activity
Labels Milestones
New Pull Request

Improve SSL rating #8

Merged
decentral1se merged 1 commits from enable-better-ssl into master 2 years ago
Conversation 2 Commits 1 Files Changed 4
4 changed files with 33 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      compose.keycloak.yml
  2. 7
      compose.yml
  3. 25
      file-provider.yml
  4. 2
      traefik.yml

10
compose.keycloak.yml
Unescape View File

@ -3,16 +3,8 @@ version: "3.8" @@ -3,16 +3,8 @@ version: "3.8"
services:
app:
configs:
- source: file_provider_yml
target: /etc/traefik/file-provider.yml
deploy:
labels:
- "traefik.http.routers.traefik.middlewares=keycloak@file"
environment:
- FILE_PROVIDER_ENABLED
configs:
file_provider_yml:
name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
file: file-provider.yml
- KEYCLOAK_MIDDLEWARE_ENABLED

7
compose.yml
Unescape View File

@ -14,6 +14,8 @@ services: @@ -14,6 +14,8 @@ services:
configs:
- source: traefik_yml
target: /etc/traefik/traefik.yml
- source: file_provider_yml
target: /etc/traefik/file-provider.yml
networks:
- proxy
environment:
@ -34,7 +36,9 @@ services: @@ -34,7 +36,9 @@ services:
- "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=web-secure"
- "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.traefik.tls.options=default@file"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=security@file"
networks:
proxy:
@ -45,6 +49,9 @@ configs: @@ -45,6 +49,9 @@ configs:
name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
file: traefik.yml
template_driver: golang
file_provider_yml:
name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
file: file-provider.yml
volumes:
letsencrypt:

25
file-provider.yml
Unescape View File

@ -1,9 +1,34 @@ @@ -1,9 +1,34 @@
---
http:
middlewares:
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
keycloak:
forwardAuth:
address: "http://traefik-forward-auth:4181"
trustForwardHeader: true
authResponseHeaders:
- X-Forwarded-User
{{ end }}
security:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: "31536000"
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true

2
traefik.yml
Unescape View File

@ -8,10 +8,8 @@ providers: @@ -8,10 +8,8 @@ providers:
exposedByDefault: false
network: proxy
swarmMode: true
{{ if eq (env "FILE_PROVIDER_ENABLED") "1" }}
file:
filename: /etc/traefik/file-provider.yml
{{ end }}
api:
dashboard: {{ env "DASHBOARD_ENABLED" }}

Write Preview
Loading…
Cancel
Save