Hardening SSL #432
Comments
@georgejung You made the same mistake as me: not mounting the new dynamic configuration in the traefik docker container!
Is your feature request related to a problem? Please describe.
Want to have something as secure as possible while still being usable. SSL Check by default gives me a B rating (https://www.ssllabs.com/ssltest/) due to TLS 1 and weak ciphers.
Describe the solution you'd like
Integrate dynamic config file into the role. The minimum TLS version and accepted ciphers can be set in a dynamic_conf.toml file. If we put that in our templates folder, reference it in our traefik.toml, and update the tasks/main.yml then we can harden the connection significantly, and I have not lost any functionality.
I was able to set the minimum TLS version, but the ciphers haven't seemed to work for me yet in traefik 2.4. I had both minimum TLS and ciphers working in my traefik.toml (v1.7).
Describe alternatives you've considered
None
Additional context
https://github.com/georgejung/ansible-nas/tree/master/roles/traefik
I forked and made the changes for this specific issue in the above repo. I was hesitant to do a pull request since I didn't do all of the testing required, but that is my working code, for whatever it's worth.
Thanks again for everyone's work on this project.
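
A sketch of the kind of dynamic configuration the issue describes for Traefik v2, as an added example that is not taken from the linked fork or from the ansible-nas role. The container path `/etc/traefik/dynamic_conf.toml` and the choice of cipher suites are assumptions.

```toml
# dynamic_conf.toml (dynamic configuration, loaded by the file provider)
#
# The static traefik.toml must point at this file, for example:
#
#   [providers.file]
#     filename = "/etc/traefik/dynamic_conf.toml"   # assumed path
#     watch = true
#
# The file also has to exist inside the container, so the role must
# mount it as a volume at the same path. If it is not mounted, Traefik
# never reads these options and keeps serving with its built-in defaults.

[tls.options]
  # Options named "default" apply to every router that does not select
  # another set through its own tls.options setting.
  [tls.options.default]
    # Refuse TLS 1.0 and TLS 1.1 handshakes.
    minVersion = "VersionTLS12"

    # AEAD suites with forward secrecy only. This list governs TLS 1.2
    # and earlier; TLS 1.3 suites are fixed by Go's crypto/tls and are
    # not affected by it.
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
```

After redeploying, rerunning the SSL Labs test shows whether the options were picked up: TLS 1.0 and 1.1 should no longer be offered, and only the listed suites should appear under TLS 1.2.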