Confusion over basic configuration

mbwhite · November 17, 2022, 10:53am

Hello;

I think I'm making a very basic mistake here, but I'm not clear what it could be. Essentially I'm attempting to setup traefik to listen for incoming https requests and then route (depending on the hostname) to a certain backend server. (and pass through the TLS).

eg client connects to htts://srv1.localho.st:8443 and I want traefikl to route that to https://srv1.localho.st:9000 srv2.localho.st:8433 to srv2.localho.st:9500

I believe the configuration is not being properly loaded, as I can get traefik to listen on port 8443 but no other TLS configuration appears to be accepted. The error "No Default Certificate Found"

CLI ~/traefik --providers.file.filename=traefik/config.yaml --configFile=traefik/traefik.yaml

traefik.yaml

log:
  level: DEBUG

providers:
  file:
    filename: "/home/matthew/github.com/ampretia/tls-expr/traefik/config.yaml"
    watch: true

config.yaml

entryPoints:
  websecure:
    address: ":8443"


tls:
  options:
    opt1:
      passthrough: true
  stores: 
    default:
      defaultCertificate:
        certFile: "/home/matthew/github.com/ampretia/tls-expr/proxy.crt"
        keyFile: "/home/matthew/github.com/ampretia/tls-expr/proxy.key"
      

http:
    routers:
        Router-1:
            rule: "Host('srv1.localho.st')"
            service: my-service           
            tls:
              options: opt1

    services:
        my-service:
            loadBalancer:
              serversTransports: transport_host
              servers:
                - url: "https://localho.st:9443"
                          

    serversTransports: 
      transport_host: 
        insecureSkipVerify: true 
log:
  level: DEBUG

providers:
  file:
    filename: "/home/matthew/github.com/ampretia/tls-expr/traefik/config.yaml"
    watch: true

Many thanks for any pointers
Matthew

bluepuma77 · November 17, 2022, 11:36am

If you use --configFile then you can't use other parameters on CLI. Place them instead in you static config.

So --providers.file.filename=traefik/config.yaml needs to go into traefik.yaml.

mbwhite · November 17, 2022, 12:25pm

ah thanks for that!

made some progress

Cannot start the provider *file.Provider: field not found, node: passthrough

Really confused at that one as I'm sure the docs say it's passthrough

ldez · November 17, 2022, 12:55pm

Hello,

the root TLS section doesn't have a passthrough option.

Also the passthrough is only for TCP routers.

So dynamic configuration (config.yaml) should look like that:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: "/home/matthew/github.com/ampretia/tls-expr/proxy.crt"
        keyFile: "/home/matthew/github.com/ampretia/tls-expr/proxy.key"

http:
  routers:
    Router-1:
      rule: "Host('srv1.localho.st')"
      service: my-service
      tls: {}

  services:
    my-service:
      loadBalancer:
        serversTransport: transport_host
        servers:
          - url: "https://localho.st:9443"

  serversTransports:
    transport_host:
      insecureSkipVerify: true

And your static configuration (traefik.yaml):

log:
  level: DEBUG

providers:
  file:
    filename: "/home/matthew/github.com/ampretia/tls-expr/traefik/config.yaml"
    watch: true

entryPoints:
  websecure:
    address: ":8443"

Topic		Replies	Views
How to properly configure the default ssl cert Traefik v2 (latest) kubernetes-ingress	5	8537	January 23, 2020
Docker, Traefik v2, SSL cannot set default cert Traefik v2 (latest) docker	2	574	October 15, 2019
Failed to register default certificate on traefik Traefik v2 (latest) file	4	1547	March 8, 2023
Traefik-v2 alpha8 - TLS configuration : Options & default cert not applied? Traefik v2 (latest)	7	2170	July 18, 2019
Default TLS should specificly be in "file" provider? Traefik v2 (latest) docker , file	2	682	September 19, 2019

Confusion over basic configuration

Related Topics