Direct IP access instead of FQDN

Hello,

I'm using Traefik v2 with docker-compose and I was wondering:

I have a server with an FQDN and a valid SSL certificate for that domain. But it seems possible to access my server directly with the external IP address, and it exposes a self-signed certificate.
How can I redirect traffic coming in on my IP interface to the FQDN?
I have already tried something like this:

- "traefik.http.routers.http-metrics.middlewares=redirect"
- "traefik.http.middlewares.redirect.redirectregex.regex=^https://45.56.25.111/(.*)"
- "traefik.http.middlewares.redirect.redirectregex.replacement=https://mydomain.com/$${1}"
- "traefik.http.middlewares.redirect.redirectregex.permanent=true"

without success.

Any idea?

Yes, that is correct. You can use strict SNI checking to prevent this from proceeding beyond the TLS handshake.

With strict SNI checking enabled, Traefik won't allow connections from clients that do not specify a server_name extension or don't match any certificate configured on the tlsOption.

Your middleware is likely not connected to a router matching the rule for the incoming request.
It would have to have a Path or PathPrefix rule or a Host(`45.56.25.111`).


Thank you! This worked:

    tls:
      options:
        default:
          sniStrict: true
      certificates:
        - certFile: /cert/mycert.crt
          keyFile: /cert/mycert.key
          stores:
            - default
