How to do TLS termination and serve HTTPS on port 443

A good start:

  • traefik.toml

# Static configuration: listeners and the source of the dynamic configuration.

# Routers, services and certificates come from a separate file.
# The path is relative, so it presumably resolves against the directory
# Traefik is started from; confirm for your deployment.
[providers.file]
filename = "./dyn-config.toml"

# Plain-HTTP listener on every interface. Nothing in this file redirects
# it to HTTPS.
[entryPoints.web]
address = ":80"

# Listener on every interface, port 443. TLS is switched on per router in
# the dynamic configuration, not here.
[entryPoints.web-secure]
address = ":443"
  • dyn-config.toml:
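# Dynamic configuration loaded by the file provider.

# DNS-over-HTTPS: Traefik terminates TLS and forwards the decrypted HTTP
# request to the backend.
# No entryPoints key is set, so this router attaches to every entry point;
# add entryPoints = ["web-secure"] to confine it to :443.
[http.routers.dns-over-https]
rule = "Host(`doh-jp.blahdns.com`)"
service = "dns-over-https-svc"

# An empty tls table turns on TLS termination with the default TLS options.
[http.routers.dns-over-https.tls]

# An HTTP router can only reference a service declared under http.services,
# and HTTP servers are given as a url rather than an address.
[[http.services.dns-over-https-svc.loadBalancer.servers]]
# Assumes the backend speaks plain HTTP on loopback; use https:// if it
# terminates TLS itself. TODO confirm.
url = "http://127.250.250.250:25000"

# DNS over TLS: Traefik terminates TLS for this SNI and relays the decrypted
# TCP stream to the backend.
# NOTE(review): on a shared entry point Traefik tries TCP routers before HTTP
# routers, so with the same host name this router also takes the connections
# meant for dns-over-https above. Give it its own entry point (declared in the
# static configuration) and list that in entryPoints here.
[tcp.routers.dns-over-tcp]
rule = "HostSNI(`doh-jp.blahdns.com`)"
service = "dns-over-tcp-svc"

[tcp.routers.dns-over-tcp.tls]

# Loopback backend, so the decrypted stream stays on this host.
[[tcp.services.dns-over-tcp-svc.loadBalancer.servers]]
address = "127.250.250.250:15000"

# Certificate served for the routers above.
# NOTE(review): the file names say dot-jp while the router rules match
# doh-jp.blahdns.com; check that the certificate's subject alternative names
# cover the host name clients connect to.
# The key file should be readable only by the account Traefik runs as.
# Consider pinning a minimum protocol version as well:
#   [tls.options.default]
#   minVersion = "VersionTLS12"
[[tls.certificates]]
certFile = "/etc/haproxy/dot-jp.blahdns.cert"
keyFile = "/etc/haproxy/dot-jp.blahdns.key"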

(You can also use YAML if you prefer; see the documentation at https://docs.traefik.io/v2.0/routing/entrypoints/ for details.)
