Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

autohttps: traefik's config now configurable and in YAML #1636

Merged
merged 5 commits into from
Apr 24, 2020
Merged

autohttps: traefik's config now configurable and in YAML #1636

merged 5 commits into from
Apr 24, 2020

Commits on Apr 19, 2020

  1. DX: TOML -> YAML to reduce language barriers 

    Traefik can be configured with both YAML and TOML, this transitioned the 
current TOML configuration to a YAML configuration.

- I added some comments while learning about the configuration as well.
- I made the log level become DEBUG if debug.enabled was configured
- We now explicitly set the ACME server to use and avoids using 
Traefik's default value.
    @consideRatio
    consideRatio committed Apr 19, 2020
    Configuration menu
    Copy the full SHA
    441b098 View commit details
    Browse the repository at this point in the history

Commits on Apr 22, 2020

  1. DX: Sustainable configuration of autohttps's traefik

    @consideRatio
    consideRatio committed Apr 22, 2020
    Configuration menu
    Copy the full SHA
    10ad031 View commit details
    Browse the repository at this point in the history

  2. Fix: don't restart autohttps on change to dynamic traefik config

    @consideRatio
    consideRatio committed Apr 22, 2020
    Configuration menu
    Copy the full SHA
    2c66fff View commit details
    Browse the repository at this point in the history

Commits on Apr 24, 2020

  1. HSTS: Comply with HSTS RFC 

    From the [RFC documentation](https://tools.ietf.org/html/rfc6797#section-7.2)
it seems like we "SHOULD" make the http->https redirect permanent (301)
instead of a temporary redirect (302), and that we "MUST NOT" include an
STS header in our redirect response over HTTP which is insecure.
    @consideRatio
    consideRatio committed Apr 24, 2020
    Configuration menu
    Copy the full SHA
    46e7a38 View commit details
    Browse the repository at this point in the history

  2. HSTS: Allow configuration of HSTS preload also 

    A preload value in the STS header indicates that the webserver wants the
browser to add this website to a list which should be considered to be
HTTPS only that can influence other browsers that haven't even visisted
this webserver before.

One can also manually add oneself to such list from
https://hstspreload.org/ if one complies with their requirements, of
which one is that a preload value in the STS header is specified.
    @consideRatio
    consideRatio committed Apr 24, 2020
    Configuration menu
    Copy the full SHA
    eb13535 View commit details
    Browse the repository at this point in the history