Fallback router to forward to other reverse proxy

Traefik Traefik v3 (latest)
,
1

I'm using Traefik 3 and I'd like to pass-through all unmatched traffic to another reverse proxy.

Traefik fallback proxy

First question, is it possible to define a router with no rule ? (which would get a 0 priority) Is it going to sweep all the remaining traffic ?

Second question, will I be able to also delegate the SSL offloading to the other proxy since I'm already redirecting the 80 from Traefik ?

And lastly:

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "websecure"
          scheme: "https"
  websecure:
    address: ":443"

http:
  routers:
    fallback:
      service: fallback
      entrypoints: web
  services:
    fallback:
      loadBalancer:
        servers:
          - url: "http://fallback-proxy"

This doesn't seem to do the job, it's still trying to do the TLS handshake on the first proxy, I guess because it's getting redirected before reaching my fallback router.

For the record, why do I need to use 2 reverse proxy ? I'm actually trying to migrate my services from the proxy 1 to the proxy 2 and I need to do it progressively so there is not too much downtime

2

This is a challenge. For Traefik to recognize the right service, it needs to read the request, at least the TLS SNI, therefore it needs to have read access to the TLS cert. Otherwise it will create and return a Traefik default cert, which usually creates an error on the browser/client side.

1 Like
3

Ho ok understood, I didn't though of that, seems quite logic though, thx for the explanation.
Maybe I could finally let Traefik manage the TLS part and just forward the plain traffic to the other proxy.
I'll try that, and about the router with no rule, do you know if that's possible ? Or should I use a rule like Host(.*) and explicitly set the priority to 0 ?

4

Personally I have always provided a rule, check the forum for "catch all" examples.

But note that unless you have a wildcard subdomain, even when having configured a default cert, your browser/client will probably prompt with a TLS warning.