This should be a common use-case:
I'd like to authenticate a client cert, but only when the url contains a specific PathPrefix. The app behind traefik is a web-site, which also handles rpc-calls on https://some.domain.com/rpc
Client certs are only passed for rpc calls, for which they are mandatory.
In apache this is simply:
<LocationMatch "^/rpc">
SSLVerifyClient require
</LocationMatch>
I've attempted to achieve this by creating two routers with different TLS options:
- "traefik.http.routers.whoami.rule=Host(`some.domain.com`)"
- "traefik.http.routers.whoami.entryPoints=https"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami-rpc.rule=Host(`some.domain.com`) && PathPrefix(`/rpc`)"
- "traefik.http.routers.whoami-rpc.middlewares=passtlsclientcert@file"
- "traefik.http.routers.whoami-rpc.entryPoints=https"
- "traefik.http.routers.whoami-rpc.tls=true"
- "traefik.http.routers.whoami-rpc.tls.options=rpc-options@file"
However this results in Errors: found different TLS options for routers on the same host some.domain.com, so using the default TLS options instead
How should this be handled?