Hi,
After this post: https://community.traefik.io/t/consul-connect-backend-in-https-instead-http
I tried to understand why the backend is in https, and I found the answer in this video: Simplifying Infrastructure and Network Automation with HashiCorp and Traefik - YouTube
But it brings me other problems, and I didn't find a solution.
In my nomad job, I configured 2 services.
One for database connection and it works fine.
Another for Traefik, and this is where the problem starts.
To be sure, I gave the Traefik service in Consul allow on all intentions.
service {
  name = "traccar-domain-tld"
  port = "webinterface"
  connect {
    sidecar_service {}
  }
  tags = [
    "traefik.enable=true",
    "traefik.http.routers.traccardomaintld.tls=true",
    "traefik.http.routers.traccardomaintld.tls.certresolver=myresolver",
    "traefik.http.routers.traccardomaintld.tls.options=mintls12@file",
    "traefik.http.routers.traccardomaintld.entrypoints=https",
    "traefik.http.routers.traccardomaintld.rule=Host(`traccar.domain.tld`)",
    "traefik.http.middlewares.traccardomaintld.redirectscheme.scheme=https",
    "traefik.http.middlewares.traccardomaintld.redirectscheme.permanent=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.customResponseHeaders.X-Robots-Tag=all",
    "traefik.http.middlewares.traccardomaintld-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000",
    "traefik.http.middlewares.traccardomaintld-headers.headers.frameDeny=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.browserXssFilter=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.contentTypeNosniff=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.stsIncludeSubdomains=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.stsPreload=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.stsSeconds=31536000",
    "traefik.http.middlewares.traccardomaintld-headers.headers.forceSTSHeader=true",
    "traefik.http.middlewares.traccardomaintld-headers.headers.accessControlMaxAge=15552000",
    "traefik.http.middlewares.traccardomaintld-headers.headers.customFrameOptionsValue=SAMEORIGIN",
    "traefik.http.routers.traccardomaintld.middlewares=traccardomaintld-headers@consulcatalog",
    "traefik.consulcatalog.connect=true"
  ]
}
And I get a Bad Gateway response.
In Traefik's logs:
time="2021-12-28T10:22:01Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="https://xxx.xxx.xxx.xxx:28061"
Traefik sends traffic to the consul-proxy port.
When I add to the Traefik tags:
"traefik.http.services.traccardomaintld.loadbalancer.server.port=${NOMAD_HOST_PORT_webinterface}"
Traefik sends to the Traccar web interface port, but I had an Internal Server Error
and in the Traefik logs:
time="2021-12-28T10:31:40Z" level=debug msg="'500 Internal Server Error' caused by: tls: first record does not look like a TLS handshake"
And when I remove sidecar_service and put traefik.consulcatalog.connect=true, no problem.
I certainly forgot something, but I don't know what. If someone has an idea or can explain it to me, because it's pretty cool to have Traefik and backends in TLS! Thanks for this feature!
Thanks!