Hello,
I'm currently trying to move from an HAProxy configuration to Traefik. So far so good, but I have run into an issue for which I can't find the answer.
I'm using a Nextcloud container from the linuxserver repositories, which uses a self-signed certificate.
In my HAProxy configuration, I just need to add `ssl verify none` to the backend server configuration, and browsers reach the backend server through the TLS certificate provided by HAProxy and won't see the self-signed one.
I'm trying to do the same thing with Traefik without success so far.
These are my Traefik labels (there is no --command, and my env variables do not matter here):

```yaml
traefik.enable: 'true'
traefik.docker.network: net-traefik
# HTTP
traefik.http.routers.traefik-http.entrypoints: http
traefik.http.routers.traefik-http.rule: Host(`traefik.mydom.com`)
traefik.http.routers.traefik-http.service: api@internal
traefik.http.routers.traefik-http.middlewares: https-redirect
# HTTPS
traefik.http.routers.traefik-https.entrypoints: https
traefik.http.routers.traefik-https.rule: Host(`traefik.mydom.com`)
traefik.http.routers.traefik-https.tls: 'true'
traefik.http.routers.traefik-https.tls.certresolver: letsencrypt
traefik.http.routers.traefik-https.tls.domains[0].main: mydom.com
traefik.http.routers.traefik-https.tls.domains[0].sans: "*.mydom.com"
traefik.http.routers.traefik-https.service: api@internal
# Middlewares
traefik.http.middlewares.https-redirect.redirectscheme.scheme: https
traefik.http.middlewares.https-redirect.redirectscheme.permanent: 'true'
```
My Traefik configuration file:

```yaml
global:
  sendAnonymousUsage: false
  checkNewVersion: false

metrics:
  influxDB:
    address: http://172.17.0.1:8186
    protocol: http
    pushInterval: 5m

api:
  dashboard: true

# Static, global setting: disables backend certificate verification for every service.
# serversTransport:
#   insecureSkipVerify: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
  http8080:
    address: ":8080"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  letsencrypt:
    acme:
      # caServer is an option of the acme block; it is not a valid key
      # directly under certificatesResolvers.
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      email: {{ admin_email }}
      storage: "/etc/traefik/acme.json"
      keyType: EC256
      dnsChallenge:
        provider: ovh
        delayBeforeCheck: 10
```
I tried several things: first a classic approach with http.routers, without success; then I added insecureSkipVerify + `traefik.http.services.nextcloud-https.loadbalancer.server.scheme=https`, without any more success.
I then found an almost working configuration with tcp.routers:
```yaml
traefik.enable: 'true'
traefik.docker.network: net-traefik
# HTTP (no service attached to this router)
traefik.tcp.routers.nextcloud-http.entrypoints: http
traefik.tcp.routers.nextcloud-http.rule: HostSNI(`extcloud.mydom.com`)
# HTTPS: passthrough hands the raw TLS stream to the container
traefik.tcp.routers.nextcloud-https.entrypoints: https
traefik.tcp.routers.nextcloud-https.rule: HostSNI(`nextcloud.mydom.com`)
traefik.tcp.routers.nextcloud-https.tls: 'true'
traefik.tcp.routers.nextcloud-https.tls.passthrough: 'true'
traefik.tcp.routers.nextcloud-https.service: 'nextcloud-tcp'
traefik.tcp.services.nextcloud-tcp.loadbalancer.server.port: '443'
```
With that, I can now reach my Nextcloud, but due to passthrough the wildcard certificate managed by Traefik is not used, and I end up with the self-signed certificate, which is not what I want; the browser is now crying because of that.
Thanks for reading, and I hope some of you will have answers to give.
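For comparison, here is the Traefik v2 counterpart of HAProxy's `ssl verify none`, written as an added example that is not part of the original post or of the Traefik project's documentation. It keeps an http router, so Traefik terminates TLS with the wildcard certificate from the `letsencrypt` resolver, and re-encrypts towards the container on port 443. Trust in the container's self-signed certificate is handled by a dedicated serversTransport defined through the file provider (available since Traefik v2.4), which avoids the global static `serversTransport.insecureSkipVerify` switch. The router, service and transport names, the `/etc/traefik/dynamic` directory, the `/etc/traefik/nextcloud-selfsigned.crt` path and the `serverName` value are assumptions.

```yaml
# --- traefik.yml (static configuration): providers block, with the file provider added ---
# The file provider is needed to declare the serversTransport below;
# the directory path is an assumption.
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /etc/traefik/dynamic
    watch: true

---
# --- /etc/traefik/dynamic/nextcloud.yml (dynamic configuration) ---
http:
  serversTransports:
    nextcloud-selfsigned:
      # Preferred: trust only the container's own self-signed certificate,
      # exported from the container (path is an assumption).
      rootCAs:
        - /etc/traefik/nextcloud-selfsigned.crt
      # Name sent as SNI and used for certificate verification; it must match
      # the CN/SAN of the exported certificate (assumed value).
      serverName: nextcloud.mydom.com
      # Exact equivalent of HAProxy "ssl verify none". Use it only if the
      # certificate cannot be exported: with it, anything on net-traefik can
      # impersonate the backend without Traefik noticing.
      # insecureSkipVerify: true

---
# --- labels on the Nextcloud container (same docker-compose dict syntax as above) ---
traefik.enable: 'true'
traefik.docker.network: net-traefik
# HTTP: reuse the https-redirect middleware already declared on the traefik container
traefik.http.routers.nextcloud-http.entrypoints: http
traefik.http.routers.nextcloud-http.rule: Host(`nextcloud.mydom.com`)
traefik.http.routers.nextcloud-http.middlewares: https-redirect
# HTTPS: Traefik terminates TLS and serves the resolver's wildcard certificate
traefik.http.routers.nextcloud-https.entrypoints: https
traefik.http.routers.nextcloud-https.rule: Host(`nextcloud.mydom.com`)
traefik.http.routers.nextcloud-https.tls: 'true'
traefik.http.routers.nextcloud-https.tls.certresolver: letsencrypt
traefik.http.routers.nextcloud-https.service: nextcloud
# Service: speak HTTPS to the container and verify it through the transport above
traefik.http.services.nextcloud.loadbalancer.server.port: '443'
traefik.http.services.nextcloud.loadbalancer.server.scheme: https
traefik.http.services.nextcloud.loadbalancer.serverstransport: nextcloud-selfsigned@file
```

Export the container's certificate once (linuxserver images keep it under `/config/keys` inside the container, an assumption here) and mount it read-only into the Traefik container at the `rootCAs` path. To confirm the result, run `openssl s_client -connect nextcloud.mydom.com:443 -servername nextcloud.mydom.com` from outside: the presented chain should now be the Let's Encrypt wildcard, while the Traefik dashboard shows the `nextcloud` service bound to the `nextcloud-selfsigned@file` transport. Pinning with `rootCAs` rather than `insecureSkipVerify` is what keeps the hop between Traefik and the container from being silently interceptable by any other container on `net-traefik`.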