
Commit 0a2f8255 authored by Nicolas Gelot's avatar Nicolas Gelot

Enforce TLS configuration

TLS configuration is done in a config file. Waiting for
https://github.com/containous/traefik/issues/5507 to avoid
mounting a volume.
parent 06a2290a
+1 −1
@@ -119,4 +119,4 @@ deploy:spot.cloud.global:
    SSH_PRIVATE_KEY: ${SSH_PRIVATE_KEY_PROD}
    SSH_PRIVATE_KEY: ${SSH_PRIVATE_KEY_PROD}
  script:
  script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
    - docker-compose up -d --scale tor=5
    - docker-compose up -d --build --scale tor=5
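Review bot: With `--build` on the `docker-compose up` line, the Traefik image that serves production is assembled on the deploy target at deploy time, so it is never an artefact that a CI stage built, could scan, and pushed to `$CI_REGISTRY`. The job already logs in to the registry on the line above, so a build-and-push stage followed by `docker-compose pull` and `docker-compose up -d --scale tor=5` here would keep the deployed image traceable to a pipeline run. The job's header and the rest of its definition are outside this hunk, so whether an earlier stage already builds images is not visible from here.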
+4 −1
@@ -55,7 +55,9 @@ services:
      - "traefik.http.routers.spot_proxy.tls.certresolver=spotchallenge"
      - "traefik.http.routers.spot_proxy.tls.certresolver=spotchallenge"


  traefik:
  traefik:
    image: "traefik:v2.1.3"
    build:
      context: .
      dockerfile: traefik.Dockerfile
    logging: *default-logging
    logging: *default-logging
    restart: unless-stopped
    restart: unless-stopped
    command:
    command:
@@ -66,6 +68,7 @@ services:
      - "--certificatesresolvers.spotchallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.spotchallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.spotchallenge.acme.email=contact@e.email"
      - "--certificatesresolvers.spotchallenge.acme.email=contact@e.email"
      - "--certificatesresolvers.spotchallenge.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.spotchallenge.acme.storage=/letsencrypt/acme.json"
      - "--providers.file.filename=/etc/traefik/config.yml"
    ports:
    ports:
      - "80:80"
      - "80:80"
      - "443:443"
      - "443:443"
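Review bot: `context: .` in the new `build:` block hands the whole project directory to the Docker daemon, although `traefik.Dockerfile` copies a single file from it. Anything else that sits in that directory on the deploy host (environment files, keys, and the ACME store if `/letsencrypt` is a bind mount under the project, which this hunk does not show) ends up in the build context, and a later broad `COPY` would bake it into the image. A `.dockerignore` that excludes everything except `etc/traefik/` would keep the context to what the image needs. It would also help to add a comment above `--providers.file.filename=/etc/traefik/config.yml` such as `# TLS options (min version, cipher suites) come from the file baked in by traefik.Dockerfile`.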

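--- /dev/null
+++ b/etc/traefik/config.yml
@@ -0,0 +1,8 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305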
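Review bot: All three entries under `cipherSuites` are `ECDHE_RSA` suites, so every TLS 1.2 handshake depends on the served certificate having an RSA key; if the `spotchallenge` resolver is later switched to an EC key type, TLS 1.2 clients would have no suite left to negotiate. Adding the `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` and `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305` counterparts removes that coupling, or a comment above the list such as `# RSA-only: assumes the ACME certificate uses an RSA key` records it. Since this file sets the `default` options, `sniStrict: true` could be added next to `minVersion` so that handshakes without a matching server name are refused instead of being answered with Traefik's default certificate.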

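--- /dev/null
+++ b/traefik.Dockerfile
@@ -0,0 +1,3 @@
+FROM traefik:v2.1.3
+
+COPY etc/traefik/config.yml /etc/traefik/config.yml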
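Review bot: `FROM traefik:v2.1.3` resolves a mutable tag each time the image is built, and with this commit that build happens during deployment. Pinning the base by digest, `FROM traefik:v2.1.3@sha256:<digest-of-the-reviewed-image>` (placeholder, take the value from the registry), makes every rebuild start from the same bytes. A comment above `COPY` such as `# TLS options are baked in until Traefik can take them without a mounted file (containous/traefik#5507)` would record why this wrapper image exists.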