Adds more secure TLS defaults (min. TLS v1.2, strong ciphers, prevents downgrade attacks on TLS and DTLS)

2020-04-04 23:39:30 +02:00 · 2020-04-04 23:39:30 +02:00 · f0825a10c1
commit f0825a10c1
parent fa2bc834ef
4 changed files with 39 additions and 3 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -9,6 +9,23 @@
    group: '{{ docker_user }}'
  tags: config

+- name: Ensure traefik rules directory exists
+  file:
+    path: /home/{{ docker_user }}/traefik/rules
+    state: directory
+    owner: '{{ docker_user }}'
+    group: '{{ docker_user }}'
+  tags: config
+
+- name: Provide TLS default options
+  template:
+    src: templates/t2-rules-tls-options.toml.j2
+    dest: /home/{{ docker_user }}/traefik/rules/tls-options.toml
+    owner: "{{ docker_user }}"
+    group: "{{ docker_user }}"
+    mode: '0644'
+  tags: config
+
 - name: Provide docker-compose.yml
  template:
    src: templates/docker-compose.traefik.yml.j2