extern/christianlempa-boilerplates
1
0
Fork 0
mirror of https://github.com/ChristianLempa/boilerplates.git synced 2024-11-29 03:33:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
6bbd357570
christianlempa-boilerplates/docker-compose/traefik
History
Christian c183de3803 Add readme for cert-manager 
Fixes #35 and cipher security for traefik
2022-02-21 09:41:33 +01:00
..
config Add readme for cert-manager 2022-02-21 09:41:33 +01:00
docker-compose.yml ssl cert store update and self-signed cert support 2021-12-14 18:12:08 +01:00
README.md Add readme for cert-manager 2022-02-21 09:41:33 +01:00

README.md

Installation

TODO: #21 Improve traefik docu

Data Persistence

... Storing Data in the /etc/traefik directory on the host, passing through...

    volumes:
      - /etc/traefik:/etc/traefik

Self-Signed Certificates

According to traefik's documentation it will automatically generate self-signed Certificates if no Default Certificate is provided. If you'd like to overwrite the self-signed Certificate with your own, uncomment the section for

# (Optional) Overwrite Default Certificates
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/cert.pem
        keyFile: /etc/traefik/certs/cert-key.pem

Replace the /etc/traefik/certs/cert.pem with your certificate file, and the /etc/traefik/certs/cert-key.pem with your certificate key.

Best-Practices & Post-Installation

MinTLS Version

TLS 1.0 and 1.1 are not longer secure! Consider disabling it in the Traefik Configuration.

providers:
  docker:
    exposedByDefault: false  # Default is true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true