Define TLS options on the Router configuration

Co-authored-by: juliens <julien@containo.us>
2019-06-17 18:14:08 +02:00 · 2019-06-17 18:14:08 +02:00 · 85ce16b34f
commit 85ce16b34f
parent d306c8fd50
24 changed files with 958 additions and 148 deletions
--- a/integration/fixtures/https/https_tls_options.toml
+++ b/integration/fixtures/https/https_tls_options.toml
@ -0,0 +1,62 @@
+[global]
+checkNewVersion = false
+sendAnonymousUsage = false
+
+[log]
+level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web-secure]
+  address = ":4443"
+
+[api]
+
+[providers]
+   [providers.file]
+
+[http.routers]
+  [http.routers.router1]
+    Service = "service1"
+    Rule = "Host(`snitest.com`)"
+    [http.routers.router1.tls]
+      options = "foo"
+
+  [http.routers.router2]
+    Service = "service2"
+    Rule = "Host(`snitest.org`)"
+    [http.routers.router2.tls]
+      options = "bar"
+
+  [http.routers.router3]
+    Service = "service2"
+    Rule = "Host(`snitest.org`)"
+    [http.routers.router3.tls]
+      options = "unknown"
+
+[http.services]
+  [http.services.service1]
+    [http.services.service1.LoadBalancer]
+      [[http.services.service1.LoadBalancer.Servers]]
+        URL = "http://127.0.0.1:9010"
+
+  [http.services.service2]
+    [http.services.service2.LoadBalancer]
+      [[http.services.service2.LoadBalancer.Servers]]
+        URL = "http://127.0.0.1:9020"
+
+
+[[tls]]
+  [tls.certificate]
+     certFile = "fixtures/https/snitest.com.cert"
+     keyFile = "fixtures/https/snitest.com.key"
+
+[[tls]]
+  [tls.certificate]
+     certFile = "fixtures/https/snitest.org.cert"
+     keyFile = "fixtures/https/snitest.org.key"
+
+[tlsoptions.foo]
+    minversion = "VersionTLS11"
+
+[tlsoptions.bar]
+    minversion = "VersionTLS12"
--- a/integration/fixtures/ratelimit/simple.toml
+++ b/integration/fixtures/ratelimit/simple.toml
@ -2,12 +2,19 @@
 checkNewVersion = false
 sendAnonymousUsage = false

+[api]
+entrypoint="api"
+
 [log]
 level = "DEBUG"

 [entryPoints]
  [entryPoints.web]
-  address = ":80"
+  address = ":8081"
+
+
+  [entryPoints.api]
+  address = ":8080"

 [providers]
   [providers.file]
--- a/integration/fixtures/tcp/catch-all-no-tls-with-https.toml
+++ b/integration/fixtures/tcp/catch-all-no-tls-with-https.toml
@ -38,4 +38,3 @@ level = "DEBUG"
          [http.services.whoami.loadbalancer]
            [[http.services.whoami.loadbalancer.servers]]
              url = "http://localhost:8085"
-              weight=1
--- a/integration/fixtures/tcp/multi-tls-options.toml
+++ b/integration/fixtures/tcp/multi-tls-options.toml
@ -0,0 +1,42 @@
+[global]
+checkNewVersion = false
+sendAnonymousUsage = false
+
+[log]
+level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.tcp]
+    address = ":8093"
+
+[api]
+
+[providers.file]
+
+[tcp]
+    [tcp.routers]
+        [tcp.routers.to-whoami-no-cert]
+            rule = "HostSNI(`whoami-c.test`)"
+            service = "whoami-no-cert"
+            entryPoints = [ "tcp" ]
+            [tcp.routers.to-whoami-no-cert.tls]
+              options = "foo"
+
+        [tcp.routers.to-whoami-sni-strict]
+            rule = "HostSNI(`whoami-d.test`)"
+            service = "whoami-no-cert"
+            entryPoints = [ "tcp" ]
+            [tcp.routers.to-whoami-sni-strict.tls]
+              options = "bar"
+
+        [tcp.services.whoami-no-cert]
+            [tcp.services.whoami-no-cert.loadbalancer]
+              method = "wrr"
+              [[tcp.services.whoami-no-cert.loadbalancer.servers]]
+                address = "localhost:8083"
+
+[tlsoptions.foo]
+    minversion = "VersionTLS11"
+
+[tlsoptions.bar]
+    minversion = "VersionTLS12"