Update TLS support / add access logging by default

Tam · Tam · commit 86365fdefb59 · 2024-01-25T15:25:57.000Z
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -17,6 +17,8 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik.yml:/etc/traefik/traefik.yml:delegated
       - ./acme.json:/acme.json:delegated
+      - ./logs:/logs:delegated
+      - ./dynamic.yml:/dynamic.yml:ro
 
 networks:
   proxy:
diff --git a/dynamic.yml b/dynamic.yml
@@ -0,0 +1,11 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+    mintls13:
+      minVersion: VersionTLS13
diff --git a/install.sh b/install.sh
@@ -22,8 +22,12 @@ chmod 600 acme.json
 # Copy docker-compose
 curl https://raw.githubusercontent.com/ethercreative/docker-remote-proxy/main/docker-compose.yml >> docker-compose.yml
 
-# Copy Treafik config
+# Copy Treafik configs
 curl https://raw.githubusercontent.com/ethercreative/docker-remote-proxy/main/traefik.yml >> traefik.yml
+curl https://raw.githubusercontent.com/ethercreative/docker-remote-proxy/main/dynamic.yml >> dynamic.yml
+
+# Create logs folder
+mkdir logs
 
 # Create the proxy network (if not exists)
 docker network ls|grep proxy > /dev/null || docker network create --driver bridge proxy
diff --git a/traefik.yml b/traefik.yml
@@ -2,6 +2,8 @@ providers:
   docker:
     exposedByDefault: false
     network: proxy
+  file:
+    filename: /dynamic.yml
 
 api:
   insecure: false # Set to true if you want to access the dashboard on :8080
@@ -31,3 +33,12 @@ certificatesResolvers:
 #      dnsChallenge:
 #        provider: digitalocean
 #        delayBeforeCheck: 0
+
+accessLog:
+  filePath: "/logs/access.log"
+  fields:
+    defaultMode: keep
+    names:
+      defaultMode: keep
+    headers:
+      defaultMode: keep
