Traefik
New Host Config: Vulnerability Scan
· ☕ 7 min read · ✍️ Mark A. McFate
Today I elected to run a vulnerability scan against our new instance of the docker-traefik2-acme-host configuration that’s running on static.grinnell.edu. The command I used, and the results, are posted below. ╭─islandora@dgdockerx ~ ╰─$ /home/islandora/testssl.sh/testssl.sh static.grinnell.edu ########################################################### testssl.sh 3.0rc4 from https://testssl.sh/dev/ This program is free software.

Host Config: docker-traefik2-acme-host
· ☕ 1 min read · ✍️ Mark A. McFate
This post is celebrating the completion (really, is anything ever complete?) of a new server/host/stack deployment project: docker-traefik2-acme-host. In order to make this post really easy to read, I’m going to wrap it up in one bullet… README.md And that’s a wrap.

Traefik and Acme.sh Instead of DNS-01
· ☕ 13 min read · ✍️ Mark A. McFate
This post is a follow-up to Dockerized Traefik Host Using ACME DNS-01 Challenge. It introduces an alternative to the failed process that was proposed in that earlier post. Note that the following config-specific elements have been replaced below: 6 occurrences of ?

Simplified Testing of Traefik 2 with ACME DNS-01 Challenge
· ☕ 3 min read · ✍️ Mark A. McFate
This post is a simplified and focused follow-up to Dockerized Traefik Host Using ACME DNS-01 Challenge. Simplify Today, 19-May-2020, I’m going to take a shot at simplifying my testing on dgdocker3.grinnell.edu by removing unnecessary things and consolidating as much as possible to reduce clutter in the logs and get right to the point.

Dockerized Traefik Host Using ACME DNS-01 Challenge
· ☕ 11 min read · ✍️ Mark A. McFate
This post builds on My dockerized-server Config and attempts to change what was a problematic ACME HTTP-01 or httpChallenge in Traefik and Let’s Encrypt to an ACME DNS-01 or dnsChallenge. The problem with the old HTTP-01 or httpChallenge is that it requires the creation of a valid and widely accessible “A” record in our DNS before the creation of a cert; the record has to be in place so that the Let’s Encrypt CA-server can find it to confirm that the request is valid.

Repairing Static.Grinnell.edu
· ☕ 4 min read · ✍️ Mark A. McFate
This morning, Tuesday, September 17, 2019, I awoke to find our https://static.grinnell.edu server, and all of the services on it, unreachable via the web. I managed to open a shell on the host and found that the server was up-and-running as expected, but a quick docker ps command indicated that one of the key services on the server, namely Traefik, had stopped and then failed to restart, repeatedly.

My dockerized-server Config
· ☕ 3 min read · ✍️ Mark A. McFate
This post picks up from where Configuring DGDocker2 left off. In it I will establish a workflow to set up a “Dockerized” server complete with Traefik, Portainer, and Who Am I. It should be relatively easy to add additional non-static services to any server that is initially configured using this package.

Configuring DGDocker2
· ☕ 13 min read · ✍️ Mark A. McFate
My mission today is to successfully migrate the images/containers/services chronicled in post 030, “Dockerized Omeka-S: Starting Over” to Docker-ready node dgdocker2 without compromising any of the services that already run there. Pushing WMI Omeka-S to Production on dgdocker2 Grinnell’s dgdocker2 server, specifically dgdocker2.

Removing Traefik's Weak Cipher Suites
· ☕ 2 min read · ✍️ Mark A. McFate
Most of the servers I deploy to and manage here at Grinnell College are now “Dockerized”, and all of those use Traefik to manage traffic, of course. Before a web app or server can be opened for access to the world here, it has to pass a vulnerability scan, and I’m not privy to the specifics of that scan.