Overview HTTPS & TLS
Traefik supports HTTPS & TLS, which concerns roughly two parts of the configuration:
- Routers: Define how HTTPS traffic is handled.
- TLS Connection: Manage certificates and TLS-specific settings.
For automated certificate management, see this post:
https://wiki.aeoneros.com/books/traefik-reverse-proxy-for-docker-swarm/page/lets-encrypt
Configuring HTTPS in Routers
When a router needs to handle HTTPS traffic, it should include a tls field in its definition. For detailed instructions, refer to the TLS section of the routers documentation.
Managing TLS Connections
To configure the TLS connection itself, you need to:
- Obtain TLS Certificates: This can be done either through:
  - Dynamic Configuration: Define certificates directly in your dynamic configuration files.
  - Let’s Encrypt (ACME): Automate certificate generation and renewal. Refer to Let’s Encrypt (ACME) Wiki Post for more details.
- Configure TLS Options: Set security policies like minimum TLS version and cipher suites.
- Manage Certificate Stores: Store and retrieve certificates used in TLS connections.
Example: Configuring HTTPS in a Router
http:
  routers:
    secure-router:
      rule: "Host(`example.com`)"
      entryPoints:
        - websecure
      service: my-service
      tls:
        certResolver: "myresolver"
Example: Defining Certificates in Dynamic Configuration
tls:
  certificates:
    - certFile: "/path/to/cert.crt"
      keyFile: "/path/to/cert.key"
Example: Using Let’s Encrypt with ACME
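# Static configuration: certificate resolvers are defined at startup,
# not in the dynamic configuration used for routers and certificates.
certificatesResolvers:
  myresolver:
    acme:
      email: "[email protected]"
      storage: "/acme.json"
      httpChallenge:
        # HTTP-01 challenge: this entry point must be reachable by Let's Encrypt on port 80.
        entryPoint: "web"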
TLS Options Example
tls:
  options:
    default:
      minVersion: VersionTLS12
      # cipherSuites applies to TLS 1.2 and below; TLS 1.3 suites are not configurable.
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
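A configuration check for the router and TLS options settings shown above, as an added example that is not part of the original page or Traefik's own tooling. It assumes the dynamic configuration has already been parsed into a dictionary and that TLS is enabled per router rather than on the entry point; the function name `audit`, the router `legacy-router` and the options set `legacy` are constructed for illustration.

```python
# Added example (not from the Traefik project): lint a parsed dynamic configuration.
# Assumption: TLS is enabled per router, not at the entry point in static configuration.
WEAK_VERSIONS = {"VersionTLS10", "VersionTLS11"}
WEAK_MARKERS = ("_RC4_", "_3DES_", "_CBC_")  # legacy bulk ciphers and modes

def audit(cfg, tls_entrypoints=("websecure",)):
    """Return a list of findings for the routers and TLS options in cfg."""
    findings = []
    for name, router in cfg.get("http", {}).get("routers", {}).items():
        exposed = sorted(set(router.get("entryPoints", [])) & set(tls_entrypoints))
        if exposed and "tls" not in router:
            findings.append(f"router {name}: on {exposed} without a tls field")
    for name, opt in cfg.get("tls", {}).get("options", {}).items():
        min_version = opt.get("minVersion")
        if min_version is None:
            findings.append(f"options {name}: minVersion not set explicitly")
        elif min_version in WEAK_VERSIONS:
            findings.append(f"options {name}: minVersion {min_version} is below TLS 1.2")
        for suite in opt.get("cipherSuites", []):
            if suite.startswith("TLS_RSA_"):  # static RSA key exchange
                findings.append(f"options {name}: {suite} has no forward secrecy")
            elif any(marker in suite for marker in WEAK_MARKERS):
                findings.append(f"options {name}: {suite} uses a legacy cipher or mode")
    return findings

# Constructed sample: the page's router and options plus two deliberately weak entries.
SAMPLE = {
    "http": {"routers": {
        "secure-router": {"rule": "Host(`example.com`)", "entryPoints": ["websecure"],
                          "service": "my-service", "tls": {"certResolver": "myresolver"}},
        "legacy-router": {"rule": "Host(`old.example.com`)", "entryPoints": ["websecure"],
                          "service": "my-service"},
    }},
    "tls": {"options": {
        "default": {"minVersion": "VersionTLS12", "cipherSuites": [
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]},
        "legacy": {"minVersion": "VersionTLS10", "cipherSuites": [
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]},
    }},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```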
For a deeper dive into certificate management, TLS options, and other HTTPS configurations, see the official Traefik documentation.