Julien Riou
be00ca79c0
Golang HTTPS server isn't secure by default. This commit introduces TLS minimum version and ciphers list to set up a secure TLS service. Signed-off-by: Julien Riou <julien@riou.xyz>
21 lines
No EOL
512 B
Text
21 lines
No EOL
512 B
Text
---
|
|
frontend:
|
|
host: 127.0.0.1
|
|
port: 8443
|
|
certfile: /path/to/certificate.pem
|
|
keyfile: /pat/to/keyfile.key
|
|
tls-ciphers:
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
|
tls-min-version: TLSv1.1
|
|
backend:
|
|
host: 127.0.0.1
|
|
port: 8008
|
|
scheme: http
|
|
cache:
|
|
ttl: 1
|
|
interval: 0.25 |