I have two Traefik proxies: one in a DMZ Docker swarm and one in an app Docker swarm.
- The DMZ proxy is configured using TOML files.
- The app proxy is configured using labels applied to deployed Docker containers.
I added a Traefik router to match `[env].example.com` or `[client].[env].example.com`.
The router passes the request to a Traefik service, which then passes it to our app gateway.
This currently works fine for the main site:
`[env].example.com` -> `myapp.[env].example.net`
For a client subdomain, I have not figured out how to pass the `[client]` portion on in any dynamic way.
I was able to get a test case working for a single client by creating an additional service that was defined with the `[client]` name:
`[client].[env].example.com` -> `[client].myapp.[env].example.net`
How would I make it work?
# Certificates Traefik can present; the one used is chosen from the SNI name
# the client sends. A wildcard certificate matches a single label only, so a
# name such as a.b.env.example.com is not covered by either entry.
# Keep both private keys readable only by the account Traefik runs as.

# Covers *.example.com
[[tls.certificates]]
certFile = "/etc/ssl/certs/myapp-cert.crt"
keyFile = "/etc/ssl/private/myapp-priv.key"

# Covers *.env.example.com
[[tls.certificates]]
certFile = "/etc/ssl/certs/env-myapp-cert.crt"
keyFile = "/etc/ssl/private/env-myapp-priv.key"
# Fallback certificate, served when the client's SNI name matches none of the
# tls.certificates entries. It points at the same files as the *.example.com
# entry. The empty parent tables are implied by this header, so they are not
# spelled out.
[tls.stores.default.defaultCertificate]
certFile = "/etc/ssl/certs/myapp-cert.crt"
keyFile = "/etc/ssl/private/myapp-priv.key"
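# TLS policy named "default": it applies to every router that does not select
# another options set.
[tls.options.default]
# Refuse TLS 1.0 and 1.1.
minVersion = "VersionTLS12"
# Suites offered for TLS 1.2. Only ECDHE key exchange is listed, so every
# session has forward secrecy. Static-RSA suites (TLS_RSA_WITH_*) are left out
# on purpose: with them, recorded traffic can be decrypted later if the
# server's private key is ever disclosed.
# NOTE(review): these names assume RSA certificates; an ECDSA certificate
# needs the TLS_ECDHE_ECDSA_* equivalents. Confirm against the deployed certs.
cipherSuites = [
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]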
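# MYAPP router.
# No middlewares are attached here, so every request whose Host matches the
# rule is handed to the backend without any check at this proxy. Keep the rule
# as narrow as the hostnames that really exist.
[http.routers.bypass-auth-myapp]
entryPoints = ["https"]
service = "reverse-proxy-myapp"
# Intended mapping:
#   https://int.example.com         -> https://myapp.[env].example.net
#   https://clienta.int.example.com -> https://clienta.myapp.[env].example.net
# The client part is limited to one DNS label (letters, digits, hyphen). A
# pattern such as (.+) also accepts names that contain dots, for example
# a.b.int.example.com, which the single-label wildcard certificate does not
# cover and which is not a [client].[env] name.
rule = "HostRegexp(`int.example.com`, `{subdomain:[a-zA-Z0-9-]+}.int.example.com`)"
priority = 12

# Empty table on purpose: it enables TLS for this router using the default
# options and certificate store.
[http.routers.bypass-auth-myapp.tls]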
# CSL service. The router shown in this file does not reference it.
[http.services.reverse-proxy-csl.loadBalancer]
# true: the Host header sent by the client is forwarded to the backend
# unchanged, so the backend has to decide which host names it accepts.
passHostHeader = true

# NOTE(review): "[env]" looks like a placeholder for the environment name;
# confirm the real value before use.
[[http.services.reverse-proxy-csl.loadBalancer.servers]]
url = "https://[env].example.net"
# MAI service, the target of the bypass-auth-myapp router.
[http.services.reverse-proxy-myapp.loadBalancer]
# false: the backend receives the host of the server url below as its Host
# header, not the name the client asked for.
passHostHeader = false

# TODO: when the router matched a client subdomain, that client name should be
# carried into the backend host here. Not sure how to do that right now.
# NOTE(review): as far as I know a server url is a fixed string read when the
# file is loaded and is not filled in per request, so a value captured by the
# router rule cannot appear in it; confirm for the Traefik version in use.
# Whatever mechanism is chosen, accept only known client names before they
# influence which upstream host is contacted.
[[http.services.reverse-proxy-myapp.loadBalancer.servers]]
url = "https://myapp.[env].example.net"
# [http.services.reverse-proxy-myapp-subdomain]
# [http.services.reverse-proxy-myapp-subdomain.loadBalancer]
# passHostHeader = false
# # TODO: if the router matched a client, that client name should be passed on here.
# # Not sure how to do that right now.
# [[http.services.reverse-proxy-myapp-subdomain.loadBalancer.servers]]
# url = "https://{{subdomain}}.myapp.[env].example.net"