Catch all rule - route all unmatched domains to a catch all service? Letsencrypt?

I need to find a way to route every unmatched domain to a special catch-all service. Can this be done in Traefik 2?

Also, can an SSL certificate be requested automatically with a catch-all service?

E.g. I want to route the domain mynewdomain.com to my container, and I don't have mynewdomain.com in any of my host / rule definitions; it got directed to my container via the catch-all rule. Will Traefik be able to request a certificate for mynewdomain.com?

Env is docker swarm.

Thanks


In addition to this, for the TLS, I would suggest issuing a wildcard certificate *.mynewdomain.com, so it works over all your subdomains.

Thanks @WLun001. Unfortunately, the catch-all should work, but the domains are not subdomains... I am thinking of using nginx to request SSL and forward traffic to Traefik....

@Mike-the-one does the certificate resolver work?

https://doc.traefik.io/traefik/https/acme/#certificate-resolvers

There are some configuration examples in the Configuration Examples section too.

Thanks, I think that won't work...
I may have hundreds of new domains, which will be served by the same app, so I want to make the following work:

My public site is www dot abc dot com

My client one wanted to host his site with us, using the domain name client1.com. I will also automatically associate client1.abc.com with his site as well.

So I am hoping I can make Traefik send requests for client1.com and client1.abc.com to my service, and inside the service, since I know the requested host, I can figure out which client it is and show the corresponding site.

The thing is, I may have hundreds of clients, so I will need this to work for client9999 etc.

Traefik relies on labels to fetch the certs; the closest one is

- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org

But I don't know if that is going to work, e.g.

- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].sans=*.client1.org
- traefik.http.routers.blog.tls.domains[0].sans=*.client2.org

Multi-domain certs have a limit of 100. Also, if client1 checks the cert via browser, he may see this cert is also for client2, which is not ideal.

Is there something I can change or add (e.g. a plugin), so that I can add a label to the service I have, e.g.

- traefik.http.routers.blog.tls.domains.file=<path point to a file accessible by traefik service>

That file lists the domains I want to fetch the certs for.

Then the plugin watches that file, and fetches certs if needed.

and traefik magically knows how to send the correct cert back... :slight_smile:

Can this be done?
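One way to get the "file that lists the domains" behaviour without a plugin, as an added example that is not part of the original thread or Traefik's own code: generate a dynamic configuration file for Traefik v2's file provider with one `Host()` router per validated domain, so each client gets its own certificate and no client sees another's name in the SAN list. The service name `tenant-app@docker`, the resolver name `le` and the entry point `websecure` are assumptions; the catch-all router carries no resolver, so unlisted hostnames are served with the default certificate rather than triggering ACME requests.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
# Wildcards, backticks and spaces fail, so nothing can escape Host(`...`).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_host(raw):
    """Return a lowercase hostname, or None if it is not a plain FQDN."""
    host = raw.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    return host if all(_LABEL.fullmatch(label) for label in labels) else None


def build_dynamic_config(lines, service="tenant-app@docker",
                         resolver="le", entrypoint="websecure"):
    """Return (yaml_text, rejected): one router, so one cert, per domain."""
    hosts, rejected = [], []
    for line in lines:
        entry = line.split("#", 1)[0].strip()  # comments allowed in the list
        if not entry:
            continue
        host = normalize_host(entry)
        if host is None:
            rejected.append(entry)
        elif host not in hosts:
            hosts.append(host)
    out = ["http:", "  routers:"]
    for host in hosts:
        out += [
            f"    tenant_{host.replace('.', '_')}:",
            f"      rule: 'Host(`{host}`)'",
            f"      entryPoints: [{entrypoint}]",
            f"      service: {service}",
            "      tls:",
            f"        certResolver: {resolver}",  # ACME domain comes from Host()
        ]
    # Catch-all for unlisted hosts: lowest priority, default certificate only,
    # so arbitrary SNI names never trigger an ACME order.
    out += [
        "    catchall:",
        "      rule: 'HostRegexp(`{any:.+}`)'",
        "      priority: 1",
        f"      entryPoints: [{entrypoint}]",
        f"      service: {service}",
        "      tls: {}",
    ]
    return "\n".join(out) + "\n", rejected
```

Write the returned text to a file in the directory the file provider watches, and review the `rejected` list rather than silently dropping it.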

@Mike-the-one I am not sure about this complex use case. I'm not able to answer further.
I think with this kind of volume, you might consider paying for services.