Creating TCP Router

Traefik Traefik v2 (latest)
,
1

Continuation of: Does tcp route support middleware

Now that Traefik 2.5 supports middleware on tcp-routers, how would we enable this?

I've tried:

[tcp.routers]
  [tcp.routers.ipmi-rtr]
    entryPoints = ["https"]
    rule = "HostSNI(`ipmi.mydomain.com`)"
    service = "ipmi-svc"
    middlewares = ["chain-oauth"]
    [tcp.routers.ipmi-rtr.tls]
      certresolver = "dns-cloudflare"
      passthrough = true

[tcp.services]
  [tcp.services.ipmi-svc]
    [tcp.services.ipmi-svc.loadBalancer]
      [[tcp.services.ipmi-svc.loadBalancer.servers]]
        address = "192.168.0.253:443"

But it's stating the middleware doesn't exist.

  • today at 18:17:58 time="2021-09-02T18:17:58+01:00" level=error msg="middleware "chain-oauth@file" does not exist" entryPointName=https routerName=ipmi-rtr@file

Since the feature is quite new, not quite sure how to enact this.

Thanks for any help!

2

The is only one middleware for TCP and it is:
https://doc.traefik.io/traefik/middlewares/tcp/ipwhitelist/

3

You need to set labels on your Traefik container

  traefik.tcp.middlewares.localhost-ip-whitelist.ipwhitelist.sourcerange: 127.0.0.1/1, 172.0.0.1/1
  traefik.http.middlewares.localhost-ip-whitelist.ipwhitelist.sourcerange: 127.0.0.1/1, 172.0.0.1/1

Then set labels on your container that need TCP

 traefik.frontend.priority: 1
  traefik.enable: true
  traefik.backend: mongo
  traefik.tcp.routers.mongo.rule: HostSNI(`*`)
  traefik.tcp.routers.mongo.entrypoints: mongo
  traefik.tcp.routers.mongo.service: mongo
  traefik.tcp.services.mongo.loadbalancer.server.port: 27017
  traefik.tcp.routers.mongo.middlewares: localhost-ip-whitelist@docker
4

Ah,

That would explain things.

I'm guessing until further middlewares are created, things like authentication won't work on TCP middleware?