tljh/traefik-dynamic.toml.tpl

# traefik.toml dynamic config (mostly TLS)
# dynamic config in the static config file will be ignored
{%- if https['enabled'] %}
[tls]
  [tls.options.default]
  minVersion = "VersionTLS12"
  cipherSuites = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  ]
  {%- if https['tls']['cert'] %}
  [tls.stores.default.defaultCertificate]
    certFile = "{{ https['tls']['cert'] }}"
    keyFile = "{{ https['tls']['key'] }}"
  {%- endif %}

  {%- if https['letsencrypt']['email'] and https['letsencrypt']['domains'] %}
  [tls.stores.default.defaultGeneratedCert]
  resolver = "letsencrypt"
    [tls.stores.default.defaultGeneratedCert.domain]
    main = "{{ https['letsencrypt']['domains'][0] }}"
    sans = [
      {% for domain in https['letsencrypt']['domains'][1:] -%}
      "{{ domain }}",
      {%- endfor %}
    ]
  {%- endif %}
{%- endif %}
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`# traefik.toml dynamic config (mostly TLS)`
			`# dynamic config in the static config file will be ignored`
Consistent whitespace chomping in jinja templates Always chomp left, never right. This is what we do in the helm chart templates and has been very easy to be consistent with for a good result with little to no issues. 2023-05-18 11:18:09 +02:00			`{%- if https['enabled'] %}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`[tls]`
			`[tls.options.default]`
			`minVersion = "VersionTLS12"`
Specify tls cipher suites Co-authored-by: Mridul Seth <mail@mriduls.com> 2023-05-16 21:12:10 +02:00			`cipherSuites = [`
			`"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",`
			`"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",`
			`"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",`
			`"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",`
			`]`
Consistent whitespace chomping in jinja templates Always chomp left, never right. This is what we do in the helm chart templates and has been very easy to be consistent with for a good result with little to no issues. 2023-05-18 11:18:09 +02:00			`{%- if https['tls']['cert'] %}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`[tls.stores.default.defaultCertificate]`
			`certFile = "{{ https['tls']['cert'] }}"`
			`keyFile = "{{ https['tls']['key'] }}"`
update letsEncrypt config after testing verified this works now 2023-05-16 13:05:34 +02:00			`{%- endif %}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00
Consistent whitespace chomping in jinja templates Always chomp left, never right. This is what we do in the helm chart templates and has been very easy to be consistent with for a good result with little to no issues. 2023-05-18 11:18:09 +02:00			`{%- if https['letsencrypt']['email'] and https['letsencrypt']['domains'] %}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`[tls.stores.default.defaultGeneratedCert]`
			`resolver = "letsencrypt"`
			`[tls.stores.default.defaultGeneratedCert.domain]`
			`main = "{{ https['letsencrypt']['domains'][0] }}"`
			`sans = [`
update letsEncrypt config after testing verified this works now 2023-05-16 13:05:34 +02:00			`{% for domain in https['letsencrypt']['domains'][1:] -%}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`"{{ domain }}",`
update letsEncrypt config after testing verified this works now 2023-05-16 13:05:34 +02:00			`{%- endfor %}`
update for traefik v2, treafik-proxy v1 - tls config is no longer allowed in static config file, add separate dynamic config - no longer need to persist auth config ourselves (TraefikProxy handles this) - make sure to reload proxy before reloading hub in tests 2023-05-15 10:53:53 +02:00			`]`
update letsEncrypt config after testing verified this works now 2023-05-16 13:05:34 +02:00			`{%- endif %}`
Consistent whitespace chomping in jinja templates Always chomp left, never right. This is what we do in the helm chart templates and has been very easy to be consistent with for a good result with little to no issues. 2023-05-18 11:18:09 +02:00			`{%- endif %}`