I've been struggling, trying to put Tactical RMM behind traefik.
In fact, this software handles its certificates alone and has a built in nginx reverse proxy.
So every time I try to route traffic to the TRMM host using traefik, i'm getting CORS issues.
I tried everything I could, and know for a fact that it would work easily if I let the software handle it's own certificate and routing. The problem is all my HTTPS traffic is tied to traefik on my network, because of other services.
I'd like to know if it's possible to add some sort of exception to traefik, have it ignore any traffic made on a subdomain.
Traefik is a reverse proxy that is used to receive http(s) requests, look at host & path and then forward to a matching target service. If the connection uses TLS/SSL, then Traefik needs the certificate to decrypt the request to see host & path.
Your options from my point of view:
Let Traefik handle TLS and use your service internally with http
Share TLS certificate between Traefik and your service
Use different certs for external and internal - this might work if you use different challenge methods (check which is used by nginx, then use the other for Traefik, either http or tls)
Use an additional port with Traefik and just forward all encrypted traffic via TCP router (may not work if LetsEncrypt is used, they only support ports 80 and 443)
Not sure why you have CORS issues, I would say they are usually not related to TLS.
PS: others didn't solve your challenge, see GitHub.