docker-compose.yml
-----
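version: '3.8'
# `serivces` was a typo: docker-compose rejects the unknown top-level key and
# the service never starts.
services:
  traefik:
    image: traefik:chevrotin
    restart: unless-stopped
    # Traefik has no need for setuid binaries; block privilege escalation
    # inside the container.
    security_opt:
      - no-new-privileges:true
    ports:
      # UDP ports are only served if matching UDP entryPoints/routers are
      # defined — none appear in the traefik.toml shown alongside this file.
      # Confirm they are actually used before leaving them published.
      - 53:53/udp
      - 51820:51820/udp
      - 80:80
      - 443:443
      # With api.insecure=true the dashboard and the /api endpoints are served
      # on :8080 with no authentication. Bind the mapping to loopback so the
      # port is only reachable from the host itself, not from the network.
      - 127.0.0.1:8080:8080
      # Not referenced by the Traefik static config; confirm it is still needed.
      - 8082:8082
    volumes:
      # :ro only makes the socket node read-only. The Docker API behind it still
      # grants full control of the host (start privileged containers, mount /).
      # Anything that can execute code in this container owns the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # mkcert-issued development certificate + key (see the notes below).
      - /srv/mkcert/certs:/etc/certs:ro
      - ./conf/traefik.toml:/etc/traefik/traefik.toml:ro
      - ./conf/traefik_dynamic.toml:/etc/traefik/traefik_dynamic.toml:ro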
----------------
traefik.toml
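[global]
  sendAnonymousUsage = false
  checkNewVersion = false

[api]
  # insecure = true serves the dashboard and the /api endpoints on an implicit
  # "traefik" entrypoint (:8080) with NO authentication. Only acceptable while
  # that port is bound to localhost on the host; for anything reachable from a
  # network set insecure = false and publish api@internal through a router
  # that carries an auth (basicAuth / forwardAuth) middleware.
  insecure = true
  dashboard = true
  # debug = true additionally exposes /debug/vars and the Go pprof endpoints
  # (heap, goroutine dumps, ...) on the same unauthenticated port. Keep it off
  # unless actively profiling.
  debug = false

[log]
  level = "WARNING"

# Access log to stdout (docker logs). Without it there is no per-request
# record to investigate from; format and filters can be tuned later.
[accessLog]

[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    # Containers must opt in with traefik.enable=true. Keep this false so every
    # container on the host is not published through the proxy by default.
    exposedByDefault = false
    watch = true
    swarmMode = false
    # The former [docker.tls] block was removed: it was a top-level table, not
    # nested under providers.docker, so Traefik would not apply it (and may
    # reject it as an unknown field). A unix-socket endpoint does not use TLS
    # anyway, and the mkcert server cert/key are not Docker client credentials.

  [providers.file]
    filename = "/etc/traefik/traefik_dynamic.toml"
    watch = true

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"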
-------------------------
traefik_dynamic.toml
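[tls]
  # mkcert-issued development certificate for the local SANs; not for a
  # public deployment.
  [[tls.certificates]]
    certFile = "/etc/certs/local-cert.pem"
    keyFile = "/etc/certs/local-key.pem"

  [tls.options]
    [tls.options.default]
      minVersion = "VersionTLS12"
      # Refuse handshakes whose SNI matches no loaded certificate instead of
      # silently serving the default one.
      sniStrict = true
      # TLS 1.2: forward-secret AEAD suites (GCM / ChaCha20-Poly1305) only.
      # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 was replaced by its GCM
      # counterpart: it was the only non-AEAD entry, and Go's crypto/tls
      # lists the CBC-SHA256 suites as insecure (no constant-time MAC check).
      cipherSuites = [
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
        # TLS 1.3 suites are fixed by Go and cannot be restricted from config;
        # listed for documentation only.
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256"
      ]
      # X25519 first: constant-time, fastest, supported by every modern client.
      # The NIST curves stay available for clients that lack it; P-521 offers
      # no practical gain over P-384 and is slower, hence last.
      curvePreferences = ["X25519", "CurveP384", "CurveP521"]
    [tls.options.mintls13]
      minVersion = "VersionTLS13"

[http]
  [http.middlewares.compression.compress]
    # Server-sent event streams must not be buffered/compressed.
    excludedContentTypes = ["text/event-stream"]

  [http.middlewares.https-redirect.redirectScheme]
    scheme = "https"
    permanent = true

  [http.middlewares.security.headers]
    # CORS: without an accessControlAllowOriginList no origin is allowed, so
    # the two keys below are presumably inert until a list is set — confirm
    # against the Traefik version in use. The option must be a list of exact
    # origins; avoid "*" (it disables the same-origin protection for every site).
    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
    #accessControlAllowOriginList = "*"
    accessControlMaxAge = 100
    addVaryHeader = true
    browserXssFilter = true
    contentTypeNosniff = true
    # HSTS: ~10 years, includes subdomains, preload. stsPreload is only
    # meaningful if the domain is really submitted to the browser preload
    # list, and that is very hard to undo — keep it deliberate.
    forceSTSHeader = true
    stsSeconds = 315360000
    stsIncludeSubdomains = true
    stsPreload = true
    # Redundant with the https-redirect middleware, but harmless; keeps HTTPS
    # enforced on routers that attach this middleware but not the redirect.
    sslRedirect = true
    #sslForceHost = true
    # X-Frame-Options: in Traefik customFrameOptionsValue takes precedence over
    # frameDeny, so the effective header was already SAMEORIGIN; the
    # contradictory frameDeny = true was dropped to make that explicit.
    customFrameOptionsValue = "SAMEORIGIN"
    referrerPolicy = "same-origin"
    featurePolicy = "vibrate 'self'"
    # A CSP with 'unsafe-inline' neutralises most of its XSS protection;
    # enable it only once inline scripts/styles have been removed.
    #ContentSecurityPolicy = "default-src 'self' 'unsafe-inline'"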
mkcert installé dans le dossier "/srv/mkcert"
commande exécutée dans le dossier "/srv/mkcert" : ./mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "docker.localhost" "*.docker.localhost" "czs.local" "*.czs.local"