I'm failing to route acme-challenges to different endpoints depending on the host name. I have the built-in certprovider configured like this:
```toml
[http.routers.acme]
entryPoints = ["web"]
rule = "PathPrefix(`/.well-known/acme-challenge/`)"
priority = 999
service = "acme-http"
[http.services.acme-http.loadBalancer]
[[http.services.acme-http.loadBalancer.servers]]
url = "http://127.0.0.1:10081/"
```
Then I have an additional router configured like this:
```toml
[http.routers.subdomain1]
entryPoints = ["web"]
rule = "Host(`subdomain.example.com`) && PathPrefix(`/.well_known/acme-challenge/`)"
priority = 1000
service = "svc-subdomain-http"
[http.routers.subdomain2]
entryPoints = ["web"]
rule = "Host(`subdomain.example.com`)"
priority = 1
middlewares = ["http2https"]
service = "svc-subdomain-http"
[http.services]
[http.services.svc-subdomain-http.loadBalancer]
[[http.services.svc-subdomain-http.loadBalancer.servers]]
url = "http://172.26.10.95/"
```
I would expect the acme-challenges for subdomain.example.com to hit the svc-subdomain-http service while all other challenges go to the built-in service.
HTTPS redirection works fine. However, all acme-challenges hit the built-in service. In the logs I can only find this error message:
```
time="2020-10-12T00:37:00+02:00" level=debug msg="Unable to split host and port: address subdomain.example.com: missing port in address. Fallback to request host." providerName=le.acme
```
This is the request:
```
time="2020-10-12T00:37:02+02:00" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/.well-known/acme-challenge/ZvKLsVY3iZ-e05lfjIVo-5SJLfSYfIqXPqvmj8DeDSs\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Cache-Control\":[\"max-age=0\"],\"Connection\":[\"keep-alive\"],\"Cookie\":[\"MWA_LANGUAGE=en\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36\"],\"X-Forwarded-Host\":[\"subdomain.example.com\"],\"X-Forwarded-Port\":[\"80\"],\"X-Forwarded-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"example\"],\"X-Real-Ip\":[\"x.x.x.x\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"subdomain.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"x.x.x.x:60972\",\"RequestURI\":\"/.well-known/acme-challenge/ZvKLsVY3iZ-e05lfjIVo-5SJLfSYfIqXPqvmj8DeDSs\",\"TLS\":null}"
```
Traefik runs in Docker with network mode host. There is port forwarding from the router involved.
How can I fix this?
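
Added example, not part of the original post: a simplified Python model of rule matching (an assumption: only `Host` and `PathPrefix` joined by `&&`, highest priority first; it does not model Traefik's own ACME challenge handling), run over the three router rules and the logged request above. The function names are hypothetical. The `subdomain1` rule as posted has `/.well_known/` with an underscore while the logged request path has `/.well-known/` with a hyphen, so under this model the request falls through to the `acme` router.

```python
import re

# Router rules and priorities copied from the post; the request is the one in its debug log.
ROUTERS = {
    "acme": ("PathPrefix(`/.well-known/acme-challenge/`)", 999),
    "subdomain1": ("Host(`subdomain.example.com`) && "
                   "PathPrefix(`/.well_known/acme-challenge/`)", 1000),
    "subdomain2": ("Host(`subdomain.example.com`)", 1),
}
REQ_HOST = "subdomain.example.com"
REQ_PATH = "/.well-known/acme-challenge/ZvKLsVY3iZ-e05lfjIVo-5SJLfSYfIqXPqvmj8DeDSs"

MATCHER = re.compile(r"(Host|PathPrefix)\(`([^`]*)`\)")

def explain(rule, host, path):
    """Return [(matcher, value, ok)] for each &&-joined matcher in the rule.
    Simplified model (assumption): only Host and PathPrefix joined by && are handled."""
    results = []
    for term in rule.split("&&"):
        m = MATCHER.fullmatch(term.strip())
        if m is None:
            raise ValueError(f"unsupported rule term: {term!r}")
        name, value = m.groups()
        if name == "Host":
            ok = host.lower() == value.lower()
        else:
            ok = path.startswith(value)
        results.append((name, value, ok))
    return results

def select(routers, host, path):
    """Name of the highest-priority router whose every matcher holds, or None."""
    ordered = sorted(routers.items(), key=lambda kv: -kv[1][1])
    for name, (rule, _priority) in ordered:
        if all(ok for _, _, ok in explain(rule, host, path)):
            return name
    return None

if __name__ == "__main__":
    for name, (rule, prio) in sorted(ROUTERS.items(), key=lambda kv: -kv[1][1]):
        for matcher, value, ok in explain(rule, REQ_HOST, REQ_PATH):
            verdict = "match" if ok else "NO MATCH"
            print(f"{name:<11} prio={prio:<5} {matcher}({value}) -> {verdict}")
    print("selected:", select(ROUTERS, REQ_HOST, REQ_PATH))
```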