Hello there,
I have traefik (v2.6.1) running in a Kubernetes cluster (EKS). In front of the cluster sits an NLB forwarding all traffic as plain TCP to traefik.
This works like a charm for normal http/s traffic on ports 80/443.
So, I have a few ingresses, traefik handles tls and the apps behind those ingresses are reachable.
Now comes my challenge.
I have some other apps, which speak http too, but on a custom port. Traefik should handle tls for these apps too.
How would I do that?
I was under the impression that I would do that with dedicated entrypoints and the ingressroutetcp CRD.
So I added the needed entrypoints to traefik via helm:
```yaml
ports:
  web:
    redirectTo: websecure
  websecure:
    tls:
      enabled: true
  tcp10000:
    port: 10000
    expose: true
    exposedPort: 10000
    protocol: TCP
```
And set up an ingressroutetcp CRD:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpfoo
  namespace: test
spec:
  entryPoints:
    - tcp10000
  routes:
    - match: HostSNI(`test.example.com`)
      services:
        - name: test
          port: 10000
  tls:
    passthrough: false
    domains:
      - main: test.example.com
    secretName: test-secret
```
This is all accepted by traefik, but if I try to connect to my app (e.g. doing a simple curl), I get an error like this:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
If I try to use http, I get a "400 Bad Request" error, which at least tells me I hit traefik with my request.
Note: none of my requests are visible in the logs (debug and accesslogs enabled).
What am I doing wrong here?
Could I do this by using a standard Ingress and just setting the entrypoint as I just use http/s but on a different port?
Any help is very much appreciated.
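
Added example, not part of the original post: a small probe that reports whether a port completes a TLS handshake for a given SNI or answers HTTP in the clear, which is the distinction behind the two curl symptoms described above. The function names `probe_entrypoint` and `start_plaintext_listener` are hypothetical, and the local listener is a constructed stand-in so the script runs offline.

```python
import socket
import ssl
import threading


def probe_entrypoint(host, port, sni, timeout=3.0):
    """Classify a listener as 'tls', 'plaintext-http' or 'other' (hypothetical helper)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: testing the protocol,
    ctx.verify_mode = ssl.CERT_NONE  # not whether the certificate is trusted
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return "tls"         # handshake completed with this SNI
    except OSError:                  # ssl.SSLError is a subclass of OSError
        pass                         # no TLS here; try plain HTTP next
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            request = f"GET / HTTP/1.1\r\nHost: {sni}\r\nConnection: close\r\n\r\n"
            raw.sendall(request.encode())
            return "plaintext-http" if raw.recv(16).startswith(b"HTTP/") else "other"
    except OSError:
        return "other"


def start_plaintext_listener():
    """Constructed stand-in for a port that answers HTTP without TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.recv(4096)
                    conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
                except OSError:
                    pass             # peer went away; keep serving

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_listener()
    print(probe_entrypoint("127.0.0.1", port, "test.example.com"))
```

Running the probe once against the NLB address and once against the traefik service inside the cluster shows at which hop the answer changes.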