Traefik - SSL configuration

Posted on Sun 21 June 2020 in howto

Continuing the article about Traefik, I will present how to configure it with SSL.

We modify the main config file /etc/traefik.yaml by adding the HTTPS entry point:

log:
  level: INFO

api:
  # insecure: true serves the API and dashboard without authentication
  insecure: true
  dashboard: true

entryPoints:
  web:
    address: "192.168.25.200:80"
    http:
      redirections:
        entryPoint:
          to: "web-ssl"
          scheme: https
          permanent: true
  web-ssl:
    address: "192.168.25.200:443"

providers:
  file:
    directory: /etc/traefik.d
    watch: true

Here, on the web entry point, I added a permanent redirect to web-ssl.

The SSL configuration goes in /etc/traefik.d/tls.yaml:

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        # static RSA key exchange: this suite has no forward secrecy
        - TLS_RSA_WITH_AES_256_GCM_SHA384
  certificates:
    - certFile: /etc/ssl/gitea.cert
      keyFile: /etc/ssl/gitea.key
  stores:
    default:
      defaultCertificate:
        certFile: /etc/ssl/cert.pem
        keyFile: /etc/ssl/key.pem

Here I specified the certificates to use as well as a default certificate (a wildcard certificate in my case). Additional options can be found in the official documentation.
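Traefik is written in Go and its cipherSuites names are the constant names from Go's crypto/tls. The following is an added example, not part of the original post: it checks the names from tls.yaml against the Go cipher suite tables, reporting unknown names and suites without forward secrecy. The third name in the sample is a constructed misspelling, and auditSuites and Finding are names chosen for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Finding is the audit result for one cipherSuites entry.
type Finding struct {
	Name           string
	Known          bool // name exists in this Go version's crypto/tls
	ForwardSecrecy bool // ephemeral key exchange (ECDHE, or a TLS 1.3 suite)
	FlaggedByGo    bool // listed by tls.InsecureCipherSuites()
}

// auditSuites looks up each configured name in Go's cipher suite tables.
func auditSuites(names []string) []Finding {
	table := map[string]*tls.CipherSuite{}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		table[cs.Name] = cs
	}
	out := make([]Finding, 0, len(names))
	for _, n := range names {
		f := Finding{Name: n}
		if cs, ok := table[n]; ok {
			f.Known = true
			f.FlaggedByGo = cs.Insecure
			f.ForwardSecrecy = strings.HasPrefix(n, "TLS_ECDHE_") ||
				cs.SupportedVersions[0] == tls.VersionTLS13
		}
		out = append(out, f)
	}
	return out
}

func main() {
	// First two names are from tls.yaml above; the third is a constructed typo.
	cfg := []string{
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_AES_128_GCM_SHA256",
	}
	for _, f := range auditSuites(cfg) {
		fmt.Printf("%-40s known=%-5v pfs=%-5v flagged=%v\n",
			f.Name, f.Known, f.ForwardSecrecy, f.FlaggedByGo)
	}
}
```

Whether Go flags TLS_RSA_WITH_AES_256_GCM_SHA384 as insecure depends on the Go version, so the flagged column can differ between toolchains.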

We update the service configuration in /etc/traefik.d/gitea.yaml by adding the tls section:

http:
  routers:
    gitea:
      entryPoints:
      # requests on "web" are redirected to "web-ssl", so the TLS router listens there
      - "web-ssl"
      rule: "Host(`gitea.lxd`)"
      service: gitea
      tls: {}
  services:
    gitea:
      loadBalancer:
        servers:
          - url: "http://10.209.214.189:3000/"
        healthCheck:
          path: "/"