Forward http(s) traffic not matching SNI to outside

Hello folks!

On my server I have some classic apps like Apache httpd and also dockerized apps like gitlab or traefik.

The http(s) traffic to the dockerized apps (matching Host-directive) should be handled by traefik and the rest shall be forwarded to the classic installed Apache httpd - of course to another port than 80 (which is "occupied" by Traefik).

Is this possible? How? Could you please explain or have you got an example for me?

TIA!

Edit: I need the "forward the rest to the outside"-part only, something like a default router.

In general you can create a router and service in a dynamic config file (router doc, service doc), which needs to be read by provider.file in static config (traefik.yml or command in docker-compose.yml).

For https, HostSNI can only be read when Traefik has the cert available to decode the TLS request. Only HostSNI(`*`) in a TCP router works without TLS. An http router always needs to have TLS certs available to work.

From the TCP router doc:

If both HTTP routers and TCP routers listen to the same entry points, the TCP routers will apply before the HTTP routers. If no matching route is found for the TCP routers, then the HTTP routers will take over.

Without all certs available to Traefik it could get complicated.
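
A sketch of the file-provider setup described in the answer above, as an added example that is not part of the original thread: a lowest-priority catch-all HTTP router that hands requests not claimed by any Host-based router to Apache. The entry point name `web`, the directory `/etc/traefik/dynamic`, the file names, and the Apache address `127.0.0.1:8080` are assumptions; if Traefik runs in a container, replace the address with one at which the host's Apache is reachable from that container.

```yaml
# traefik.yml (static configuration; file name and paths are assumed)
entryPoints:
  web:
    address: ":80"
providers:
  docker:
    exposedByDefault: false          # containers must opt in via labels
  file:
    directory: /etc/traefik/dynamic  # assumed location of dynamic config files
    watch: true                      # reload when files in the directory change
---
# /etc/traefik/dynamic/apache-fallback.yml (dynamic configuration, assumed name)
http:
  routers:
    apache-fallback:
      entryPoints:
        - web
      rule: "PathPrefix(`/`)"        # matches every request on the entry point
      priority: 1                    # lowest priority: any Host(...) router wins first
      service: apache
  services:
    apache:
      loadBalancer:
        passHostHeader: true         # keep the client's Host header so Apache vhosts still match
        servers:
          - url: "http://127.0.0.1:8080"   # assumed Apache listener, moved off port 80
```

For port 443 the same kind of router additionally needs a `tls` section and certificates Traefik can present, which is the limitation the answer points out.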

Hey!

Thank you so much - that sounds really great!

I'll try this solution.

kind regards