Define a TLS section to group TLS, TLSOptions, and TLSStores.

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
Ludovic Fernandez 2019-06-27 23:58:03 +02:00 committed by Traefiker Bot
parent c9b2a07bc7
commit 4245096be4
52 changed files with 717 additions and 628 deletions


@ -54,6 +54,7 @@ level = "DEBUG"
service = "test"
[http.routers.test.tls]
[tlsStores.default.defaultCertificate]
certFile = "fixtures/acme/ssl/wildcard.crt"
keyFile = "fixtures/acme/ssl/wildcard.key"
[tls.stores]
[tls.stores.default.defaultCertificate]
certFile = "fixtures/acme/ssl/wildcard.crt"
keyFile = "fixtures/acme/ssl/wildcard.key"


@ -1,17 +1,16 @@
[http.services]
[http.services.test.loadbalancer]
[[http.services.test.loadbalancer.servers]]
url = "http://127.0.0.1:9010"
[[http.services.test.loadbalancer.servers]]
url = "http://127.0.0.1:9010"
[http.routers]
[http.routers.test]
entryPoints = ["web-secure"]
rule = "Host(`traefik.acme.wtf`)"
service = "test"
[http.routers.test.tls]
entryPoints = ["web-secure"]
rule = "Host(`traefik.acme.wtf`)"
service = "test"
[http.routers.test.tls]
[[tls]]
[[tls.certificates]]
store = ["default"]
[tls.certificate]
certFile = "fixtures/acme/ssl/wildcard.crt"
keyFile = "fixtures/acme/ssl/wildcard.key"
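Review bot: The `store = ["default"]` key printed in this section appears to be carried over unchanged into the new `[[tls.certificates]]` entry, while the Go hunk later in this commit names the target type `CertAndStores` (plural). If the decoder expects `stores`, the singular key would be silently ignored and the certificate would reach the default store only by fallback, so the fixture would no longer test explicit store selection. Please check the field's key name and, if it is plural, change the line to `stores = ["default"]`. The +/- markers are lost on this page, so which side each line belongs to is inferred from the hunk counts.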


@ -28,6 +28,7 @@ rootCAs = [ """{{ .CertContent }}""" ]
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""
keyFile = """{{ .KeyContent }}"""


@ -26,6 +26,7 @@ level = "DEBUG"
[[http.services.service1.loadbalancer.servers]]
url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""
keyFile = """{{ .KeyContent }}"""


@ -28,6 +28,7 @@ insecureSkipVerify = true
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""
keyFile = """{{ .KeyContent }}"""


@ -35,6 +35,7 @@ rootCAs = [ """{{ .CertContent }}""" ]
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""
keyFile = """{{ .KeyContent }}"""


@ -36,16 +36,15 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[tlsOptions.default.ClientCA]
[tls.options]
[tls.options.default.ClientCA]
files = ["fixtures/https/clientca/ca1.crt"]
optional = true
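Review bot: `optional = true` under `[tls.options.default.ClientCA]` has no comment saying it is deliberate, and because it sits in the `default` option set it presumably applies to every router that does not name its own options. Going by the key name, a client certificate is then checked when presented but not required, which is weaker than the sibling fixture that sets `optional = false`. I would add a line above it such as `# client certs are verified if sent but not required; fixture for the optional client-auth test only`. The fixture that lists `ca1and2.crt` omits the key and relies on the default, so it deserves a one-line comment stating which behaviour that default gives.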


@ -36,14 +36,14 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[tlsOptions.default.ClientCA]
[[tls.certificates]]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[tls.options]
[tls.options.default.ClientCA]
files = ["fixtures/https/clientca/ca1and2.crt"]


@ -35,16 +35,15 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[tlsOptions.default.ClientCA]
[tls.options]
[tls.options.default.ClientCA]
files = ["fixtures/https/clientca/ca1.crt", "fixtures/https/clientca/ca2.crt"]
optional = false


@ -20,9 +20,8 @@
[[http.services.service2.LoadBalancer.Servers]]
url = "http://127.0.0.1:9020"
[[tls]]
# bad certificates to validate the loop on the certificate appending
[tls.certificate]
# bad certificates to validate the loop on the certificate appending
[[tls.certificates]]
# bad content
certFile = """-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
@ -34,8 +33,7 @@ eRG3DaVpez4DQVupZDHMgxJUYqqKynUj6GD1YiaxGROj3TYCu6e7OxyhalhCllSu
w/X5M802XqzLjeec5zHoZDfknnAkgR9MsxZYmZPFaDyL6GOKUB8=
-----END RSA PRIVATE KEY-----"""
[[tls]]
[tls.certificate]
[[tls.certificates]]
certFile = """-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
BAMMC3NuaXRlc3Qub3JnMB4XDTE1MTEyMzIyMDU0NFoXDTI1MTEyMDIyMDU0NFow
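Review bot: Only the first `[[tls.certificates]]` entry is labelled `# bad content`, yet the fixture embeds PEM blocks inline, including the tail of an RSA private key, and the second entry carries no label at all. A reader or a secret scanner cannot tell from the file whether the second pair is meant to be the valid one or whether any of this key material is used outside the integration tests. I would add a comment above the second entry saying which role it plays in the "loop on the certificate appending" test, plus one line at the top of the TLS part such as `# test-only key material generated for these fixtures`. The PEM bodies continue outside the visible hunks, so this is based on the markers shown here.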


@ -31,16 +31,15 @@ level = "DEBUG"
[[http.services.service1.LoadBalancer.Servers]]
url = "http://127.0.0.1:9010"
[[tls]]
[tls.certificate]
[[tls.certificates]]
certFile = "fixtures/https/wildcard.snitest.com.cert"
keyFile = "fixtures/https/wildcard.snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/www.snitest.com.cert"
keyFile = "fixtures/https/www.snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/www.snitest.com.cert"
keyFile = "fixtures/https/www.snitest.com.key"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"


@ -36,12 +36,10 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"


@ -31,11 +31,11 @@ level = "DEBUG"
[[http.services.service1.LoadBalancer.Servers]]
url = "http://127.0.0.1:9010"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/uppercase_wildcard.www.snitest.com.cert"
keyFile = "fixtures/https/uppercase_wildcard.www.snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/uppercase_wildcard.www.snitest.com.cert"
keyFile = "fixtures/https/uppercase_wildcard.www.snitest.com.key"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = "fixtures/https/wildcard.snitest.com.cert"
keyFile = "fixtures/https/wildcard.snitest.com.key"


@ -31,16 +31,15 @@ level = "DEBUG"
[[http.services.service1.LoadBalancer.Servers]]
url = "http://127.0.0.1:9010"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/wildcard.snitest.com.cert"
keyFile = "fixtures/https/wildcard.snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/wildcard.snitest.com.cert"
keyFile = "fixtures/https/wildcard.snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/www.snitest.com.cert"
keyFile = "fixtures/https/www.snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/www.snitest.com.cert"
keyFile = "fixtures/https/www.snitest.com.key"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"


@ -1,9 +1,9 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
level = "DEBUG"
[entryPoints]
[entryPoints.web-secure]
@ -26,11 +26,13 @@ level = "DEBUG"
[[http.services.service1.LoadBalancer.Servers]]
url = "http://127.0.0.1:9010"
[tlsOptions.default]
[tls.options]
[tls.options.default]
sniStrict = true
[tlsStores.default]
[tlsStores.default.DefaultCertificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[tls.stores]
[tls.stores.default]
[tls.stores.default.DefaultCertificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"


@ -44,18 +44,18 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.com.cert"
keyFile = "fixtures/https/snitest.com.key"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[[tls.certificates]]
certFile = "fixtures/https/snitest.org.cert"
keyFile = "fixtures/https/snitest.org.key"
[tlsoptions.foo]
[tls.options]
[tls.options.foo]
minversion = "VersionTLS11"
[tlsoptions.bar]
[tls.options.bar]
minversion = "VersionTLS12"
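Review bot: `[tls.options.foo]` keeps `minversion = "VersionTLS11"` across the move with nothing marking it as a test-only value; TLS 1.1 is deprecated, and fixtures tend to be copied into real configurations. It presumably exists only so the test can distinguish `foo` from `bar`, so the file should say so: `# deliberately lower than "bar" so the test can tell the option sets apart; not a recommended minimum`. The same `foo`/`bar` pair appears in the TCP fixture later in this commit and needs the same comment. Separately, `minversion` is all lower case while other keys in these fixtures are camelCase (`sniStrict`, `certFile`), which only works if the decoder matches keys case-insensitively.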


@ -64,7 +64,6 @@ level = "DEBUG"
[[tcp.services.whoami-no-cert.loadbalancer.servers]]
address = "localhost:8083"
[[tls]]
[tls.certificate]
[[tls.certificates]]
certFile = "fixtures/tcp/whoami-c.crt"
keyFile = "fixtures/tcp/whoami-c.key"


@ -35,8 +35,10 @@ level = "DEBUG"
[[tcp.services.whoami-no-cert.loadbalancer.servers]]
address = "localhost:8083"
[tlsoptions.foo]
[tls.options]
[tls.options.foo]
minversion = "VersionTLS11"
[tlsoptions.bar]
[tls.options.bar]
minversion = "VersionTLS12"


@ -1,12 +1,12 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
level = "DEBUG"
[serversTransport]
rootCAs = [ """{{ .RootCertContent }}""" ]
rootCAs = [ """{{ .RootCertContent }}""" ]
[entryPoints]
[entryPoints.web-secure]
@ -15,16 +15,18 @@ rootCAs = [ """{{ .RootCertContent }}""" ]
[api]
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
[providers.file]
[providers.file]
[tlsOptions.default.ClientCA]
[tls.options]
[tls.options.default.ClientCA]
files = [ """{{ .RootCertContent }}""" ]
optional = false
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = """{{ .ServerCertContent }}"""
keyFile = """{{ .ServerKeyContent }}"""


@ -30,6 +30,7 @@ insecureSkipVerify=true
[[http.services.service1.LoadBalancer.Servers]]
URL = "{{ .WebsocketServer }}"
[tlsStores.default.DefaultCertificate]
[tls.stores]
[tls.stores.default.DefaultCertificate]
certFile = "resources/tls/local.cert"
keyFile = "resources/tls/local.key"


@ -799,12 +799,14 @@ func modifyCertificateConfFileContent(c *check.C, certFileName, confFileName, en
// If certificate file is not provided, just truncate the configuration file
if len(certFileName) > 0 {
tlsConf := config.Configuration{
TLS: []*traefiktls.Configuration{{
Certificate: &traefiktls.Certificate{
CertFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".cert"),
KeyFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".key"),
TLS: &config.TLSConfiguration{
Certificates: []*traefiktls.CertAndStores{{
Certificate: traefiktls.Certificate{
CertFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".cert"),
KeyFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".key"),
}},
},
}},
},
}
var confBuffer bytes.Buffer