Commit 0a2f8255 authored by Nicolas Gelot's avatar Nicolas Gelot

Enforce TLS configuration

TLS configuration is done in a config file. Waiting for
https://github.com/containous/traefik/issues/5507 to avoid
mounting a volume.
parent 06a2290a
......@@ -119,4 +119,4 @@ deploy:spot.cloud.global:
SSH_PRIVATE_KEY: ${SSH_PRIVATE_KEY_PROD}
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker-compose up -d --scale tor=5
- docker-compose up -d --build --scale tor=5
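Review bot: With `--build` on the new `docker-compose up` line, the traefik image is built during the deploy itself, presumably on the host reached with `SSH_PRIVATE_KEY`, so the image serving production is never an artifact that CI produced, scanned or stored. The job already logs in to `$CI_REGISTRY` two lines above. Building and pushing the image in an earlier stage, and leaving this line as the pull-based `docker-compose up -d --scale tor=5`, would keep deploys reproducible and make a rollback a redeploy of a known tag. If building on the host is a stopgap until the upstream Traefik issue is resolved, a comment above the `script:` entry should say so.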
......@@ -55,7 +55,9 @@ services:
- "traefik.http.routers.spot_proxy.tls.certresolver=spotchallenge"
traefik:
image: "traefik:v2.1.3"
build:
context: .
dockerfile: traefik.Dockerfile
logging: *default-logging
restart: unless-stopped
command:
......@@ -66,6 +68,7 @@ services:
- "--certificatesresolvers.spotchallenge.acme.tlschallenge=true"
- "--certificatesresolvers.spotchallenge.acme.email=contact@e.email"
- "--certificatesresolvers.spotchallenge.acme.storage=/letsencrypt/acme.json"
- "--providers.file.filename=/etc/traefik/config.yml"
ports:
- "80:80"
- "443:443"
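Review bot: The new `build:` block uses `context: .`, which sends the whole repository to the Docker daemon although traefik.Dockerfile copies a single file. Anything sensitive in the checkout becomes part of the build context unless a `.dockerignore` excludes it, and none is visible in this commit; adding one that keeps only `traefik.Dockerfile` and `etc/traefik/` would close that. The rendering does not show whether `image: "traefik:v2.1.3"` was removed. If it stays next to `build:`, Compose tags the locally built image with the upstream name, so a project-specific name such as `image: "<registry>/<project>/traefik:v2.1.3"` (placeholder) would keep the two distinguishable.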
......
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
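Review bot: All three entries under `cipherSuites` are ECDHE_RSA suites, so a TLS 1.2 client can only complete a handshake while the served certificate has an RSA key. If the `spotchallenge` resolver is ever switched to an EC key type, every TLS 1.2 handshake would fail. Either add the ECDSA counterparts (`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`) or put a comment above the list, e.g. `# RSA-only: certificates must use an RSA key; TLS 1.3 suites are not controlled by this list`. Setting `sniStrict: true` next to `minVersion` is also worth considering, so that connections with an unknown SNI are refused rather than served the default certificate.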
FROM traefik:v2.1.3
COPY etc/traefik/config.yml /etc/traefik/config.yml
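Review bot: `FROM traefik:v2.1.3` refers to a mutable tag, and because the deploy job in this commit now rebuilds the image on every run, a re-pushed tag would change the proxy that terminates TLS without any change in this repository. Pinning the digest, `FROM traefik:v2.1.3@sha256:<digest-of-the-reviewed-image>` (placeholder), makes the base explicit. A one-line comment above `COPY` should also say that the file is baked in only until the upstream Traefik issue named in the commit message is resolved, so the next maintainer knows why a custom image exists.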