Can traefik separately verify load balancer https redirect -- per site basis?

I'm using a file provider, creating my separate routers and associated services.

If I create a loadbalancer service such as:

  services:
    sv_proxy_pass_nc.com:
      loadBalancer:
        servers:
          - url: https://nextcloud.domain.com
        passHostHeader: true

Can traefik verify the https certificate against a CA? I'm asking this since some of the backend https certificates are going to be LE in origin and others are going to be self-signed. The LE CA certs are going to be part of the ca-certificates.crt.

Hello @kevdog,

It's possible to configure a CA in Traefik to validate the service certificates.

The first option is to configure the CA for all services by using the serverTransport option in the static configuration, as described in the following documentation.

The second option is to configure the CA for each services by using the new ServersTransports feature released in v2.4. For more details, check out the following documentations:

• https://doc.traefik.io/traefik/routing/services/#serverstransport
• https://doc.traefik.io/traefik/routing/services/#rootcas

Hope this helps!

Very very useful information you posted particularly in light of the newer features. Thanks.

Does the traefik container have preinstalled a ca-certificates.crt file? If not is it advisable to

1. Import host ca-certificates file as a bind mount
2. Dockerfile and add the package?

Thanks.

Hi again @kevdog,

As you can in the following link our Docker image has the ca-certificates pre-installed: https://github.com/traefik/traefik-library-image/blob/master/alpine/Dockerfile#L2