Hi all,
I placed the following labels on a container that is part of the Traefik network, so that Traefik works transparently without using its TLS, but I get the following error that keeps repeating in the Traefik logs. What did I do wrong?
Labels:
labels:
  - "traefik.enable=true"
  - "traefik.tcp.routers.fleetdm.rule=HostSNI(`*`)" # Use HostSNI to match any SNI
  - "traefik.tcp.routers.fleetdm.entrypoints=websecure" # Use your desired entry point, 'websecure' may be your secure HTTPS entry point
  - "traefik.tcp.services.fleetdm.loadbalancer.server.port=8080" # Replace 8080 with the appropriate port on which your service listens
Error:
{"level":"debug","msg":"Handling TCP connection from 10.100.139.2:55841 to 172.21.0.5:8080","time":"2023-08-09T15:35:30Z"}
{"level":"debug","msg":"Handling TCP connection from 10.100.139.2:55842 to 172.21.0.5:8080","time":"2023-08-09T15:35:30Z"}
{"level":"error","msg":"Error while handling TCP connection: readfrom tcp 172.21.0.4:57758-\u003e172.21.0.5:8080: read tcp 172.21.0.4:443-\u003e10.100.139.2:55842: read: connection reset by peer","time":"2023-08-09T15:35:30Z"}
Hi @bluepuma77, as anticipated in previous posts, Traefik is configured to be reached by pfSense on port 80 and then pass the request to the various applications, always on port 80.
But this is the only application where pfSense reaches Traefik on port 443 and Traefik has to forward the request as is to the application without applying its TLS, as it is the only application that uses its own TLS.
Thanks
Traefik conf:
docker-compose.yml:
version: '3.9'
services:
  traefik:
    image: traefik:v2.10
    container_name: Traefik
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      # - 8080:8080 # Optional port for the Traefik administration interface, do not use in prod!
    volumes:
      - /data/docker/appdata/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /data/docker/logs/traefik:/var/log/traefik
    networks:
      - Proxy
networks:
  Proxy:
    external: true
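
An added example (not part of the original posts and not Traefik's own code): a small Python helper that decodes the nested Go network error in the log line quoted in the first post, to show which leg of the proxied connection failed. It assumes the entrypoint ports 80 and 443 published in the compose file; the names `failing_leg` and `summarize` are hypothetical.

```python
import json
import re
from collections import Counter

# Go renders a network error as "<op> <net> <local>-><remote>: <cause>" and nests them.
OP_RE = re.compile(r"(\w+) (tcp[46]?) (\S+)->(\S+): ")

# Log lines copied from the post (one debug line and the error line).
SAMPLE = [
    r'{"level":"debug","msg":"Handling TCP connection from 10.100.139.2:55842 to 172.21.0.5:8080","time":"2023-08-09T15:35:30Z"}',
    r'{"level":"error","msg":"Error while handling TCP connection: readfrom tcp 172.21.0.4:57758-\u003e172.21.0.5:8080: read tcp 172.21.0.4:443-\u003e10.100.139.2:55842: read: connection reset by peer","time":"2023-08-09T15:35:30Z"}',
]

def failing_leg(line, entrypoint_ports=(80, 443)):
    """Return the innermost failed socket operation of an error line, or None."""
    entry = json.loads(line)
    msg = entry.get("msg", "")
    if entry.get("level") != "error":
        return None
    ops = [m.groups() for m in OP_RE.finditer(msg)]
    if not ops:
        return None
    op, _net, local, remote = ops[-1]  # the last nested op is the one that failed
    # Assumption: a socket whose local port is an entrypoint port was accepted
    # from a client; any other local port is Traefik's outbound leg to the backend.
    local_port = int(local.rsplit(":", 1)[1])
    side = "client" if local_port in entrypoint_ports else "backend"
    reason = msg.rsplit(": ", 1)[1]
    return {"op": op, "side": side, "local": local, "peer": remote, "reason": reason}

def summarize(lines):
    """Count failures per (side, peer IP, reason) to spot a repeating source."""
    counts = Counter()
    for line in lines:
        leg = failing_leg(line)
        if leg:
            counts[(leg["side"], leg["peer"].rsplit(":", 1)[0], leg["reason"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

On the quoted line the innermost operation is a read on 172.21.0.4:443 from 10.100.139.2:55842, so the reset arrived on the client-facing connection rather than from the backend on port 8080.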