Catch-all for all https traffic into one container?

I am using Traefik with docker and docker-compose and have configured an https web server with a hostname.

      - traefik.http.routers.portal-production.priority=1
      - traefik.http.routers.portal-production.rule=host(``)
      - traefik.http.routers.portal-production.tls=true
      - traefik.http.routers.portal-production.tls.certresolver=autocert

This works fine.

In addition, I want to direct all https accesses, whether there is a hostname in the request or not (access via IP address only) to this Docker container as well. The reason for this is that some users do not access my service with the hostname, but only with https:// i.e. IP address only. Currently these users get the default 404 Not Found page.

How can I direct all https accesses to the container?
My service is the only one on the server, so all https accesses could be directed into the container, and there must also be only one certificate for the specified hostname.

I would be very grateful for any hints.

You can’t use IPs for TLS, the certs are linked to domain names, the browsers will show an error. It still works, but provides a bad UX.

For a TLS catchall rule you can use HostSNI(`*`). But you need to provide valid certs for every domain, so best is a wildcard cert, which you can only get from LetsEncrypt with dnsChallenge.

Thanks a lot for your response.

I am aware that this will result in an error message. However, we are talking about requests that are sent from scripts or from an intranet with different NATs in between. The users there have no possibility to make a DNS entry, so they can only call the IP.

From my side I want to deliver only the one standard certificate, which is also regularly used for the one hostname.

I have already tried with HostSNI('*') but no success. Can you be more specific about what this should look like? So a default hostname should be used (see my code above) but furthermore the access should be possible only to the IP.

When you have a paid TLS cert, then you can tell Traefik to use it as default (doc). However I am not sure how you could tell Traefik to use a LetsEncrypt cert for other non-matching hosts, as Traefik usually creates a custom own TLS cert.

Maybe try

      .rule=Host(``) || HostSNI(`*`)
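An added example, not posted by anyone in this thread, of one way to get the behaviour asked for, assuming Traefik v2 syntax: a low-priority catch-all HTTP router next to the named-host router, plus a default certificate in the TLS store, which Traefik presents when the client sends no matching SNI (as with IP-only access). The hostname `portal.example.test`, the image and service names, port 8080 and the certificate paths are placeholders; in v2 `HostSNI` is a TCP-router matcher, so the catch-all here uses `PathPrefix` instead.

```yaml
# docker-compose.yml (fragment; names, port and paths are placeholders)
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --entrypoints.websecure.address=:443
      # the existing ACME settings for the "autocert" resolver go here
    ports:
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ./certs:/certs:ro
  portal:
    image: portal-image-placeholder
    labels:
      - traefik.enable=true
      # Router for requests that carry the real hostname (wins on priority)
      - traefik.http.routers.portal-production.rule=Host(`portal.example.test`)
      - traefik.http.routers.portal-production.priority=10
      - traefik.http.routers.portal-production.entrypoints=websecure
      - traefik.http.routers.portal-production.tls=true
      - traefik.http.routers.portal-production.tls.certresolver=autocert
      - traefik.http.routers.portal-production.service=portal
      # Catch-all: any other Host header, including a bare IP address
      - traefik.http.routers.portal-catchall.rule=PathPrefix(`/`)
      - traefik.http.routers.portal-catchall.priority=1
      - traefik.http.routers.portal-catchall.entrypoints=websecure
      - traefik.http.routers.portal-catchall.tls=true
      - traefik.http.routers.portal-catchall.service=portal
      - traefik.services.portal.loadbalancer.server.port=8080
---
# dynamic.yml (file provider): certificate served when no SNI matches.
# Assumes the certificate for the one hostname is available as files.
# Do not enable sniStrict in the TLS options, or handshakes without a
# matching SNI are rejected instead of receiving this certificate.
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /certs/portal.crt
        keyFile: /certs/portal.key
```

Clients that connect by IP still get a certificate issued for the hostname, so scripts that verify the peer name will report a mismatch unless they are configured to expect that name.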