My goal is to provide a means of security while having fun.
I have created a default toml-less traefik.yml which has full HSTS capabilities, dynamic DNS resolvers (both for traefik itself and for ACME), enhanced security features, and whitelistings to help with compatibility.
Test your website here!
https://www.ssllabs.com/ssltest/
https://www.grc.com/dns/dns.htm
https://securityheaders.com/
https://observatory.mozilla.org/
Dns Leak Tests
https://github.com/macvk/dnsleaktest/blob/master/README.md
https://www.privateinternetaccess.com/forum/discussion/23924/easy-quick-dns-and-ipv6-leak-testing-via-command-prompt-line-method-no-browser-or-website-needed
Here's some good information to learn about
https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#25-use-forward-secrecy
https://scotthelme.co.uk/https-cheat-sheet/
https://www.toptenreviews.com/secure-encryption-methods
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Project+Homepage
https://openvpn.net/security-advisory/the-voracle-attack-vulnerability/
https://www.cisecurity.org/cis-benchmarks/
https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html
https://en.wikipedia.org/wiki/Salt_(cryptography)
https://blog.qualys.com/ssllabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://tonsky.me/blog/disenchantment/
I am currently working on creating a frontend and backend traefik which will remove the socket access to the traefik facing the internet.
I want to also get a elevated permissions proxy setup for the system https://github.com/Tecnativa/docker-socket-proxy
Reading : https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/