Configuring mTLS in traefik

alfonsodg · June 13, 2023, 1:52am

Hello,
I have reviewed all possible existing documents on the internet on how to configure mTLS in traefik and I just can't find the problem, I keep getting these errors:
"building router handler: unknown TLS options: foo@file" routerName=testnginx@docker entryPointName=https
"unknown TLS options: foo@file" routerName=testnginx@docker entryPointName=https

I have adjusted my compose.yml to the following:

version: '3.3'
services:
  traefik:
    image: traefik:latest
    command:
     - --providers.file.filename=/fileprovider/custom.toml
     - --providers.file.watch=true
     - --providers.docker
     ...................
     ..................
    volumes:
     - /etc/localtime:/etc/localtime:ro
     - /etc/timezone:/etc/timezone:ro
     - /mnt/traefik/certificates:/certificates
     - /mnt/traefik/fileprovider/custom.toml:/fileprovider/custom.toml
     ....................
     ...................

My custom.toml:

tls:
  options:
    foo:
      clientAuth:
        # in PEM format. each file can contain multiple CAs.
        caFiles:
          - /certificates/rootCA.crt
        clientAuthType: RequireAndVerifyClientCert

And my stack:

version: '3.3'
services:
  whoami:
    image: nginx
    networks:
     - traefik-public
    logging:
      driver: json-file
    deploy:
      replicas: 2
      labels:
        traefik.http.services.testnginx.loadbalancer.server.port: '80'
        traefik.http.routers.testnginx-http.rule: Host(`mtls.demo.info`)
        traefik.http.routers.testnginx-https.tls: 'true'
        traefik.http.routers.testnginx-http.entrypoints: http
        traefik.http.routers.testnginx-http.middlewares: https-redirect
        traefik.http.routers.testnginx-https.rule: Host(`mtls.demo.info`)
        traefik.constraint-label: traefik-public
        traefik.http.routers.testnginx-https.entrypoints: https
        traefik.http.routers.testnginx-https.tls.certresolver: le
        traefik.docker.network: traefik-public
        traefik.enable: 'true'
        traefik.http.routers.testnginx.tls.options: foo@file

networks:
  traefik-public:
    external: true

But nothing is working for me, because from what I understand it can't find the tls.options so I'm not sure if it's reading the custom.toml or a change has been made in the API that makes it work differently.
I will greatly appreciate who can guide me in this regard or show me a functional demo. Thank you so much

bluepuma77 · July 18, 2023, 7:35pm

Check the dynamic file reference.

Make sure you have the correct doc version matching Traefik, this can be seen left bottom when using a desktop browser.

Topic		Replies	Views
Configuring mTLS Traefik v2 (latest) docker , docker-swarm	1	667	November 24, 2021
Error with custom TLS certs Traefik v2 (latest) docker-swarm	3	9721	April 18, 2022
Set TLS default option with .toml file Traefik v2 (latest) docker	9	3908	October 28, 2019
Custom SSL (TLS) configuration with docker Traefik v2 (latest) docker	10	147	March 11, 2024
Docker Swarm mode and File Configuration Traefik v2 (latest) docker-swarm , file	3	496	September 24, 2021

Configuring mTLS in traefik

Related Topics