Hello there,
I have a "particular" setup where a first frontend server ("server0") receives all public web traffic and at least one other host ("server1") is on a private network only.
I don't know how to enable HTTPS for services hosted on private network host(s) ("server1").
Here's a scheme of my architecture:
[ Internet ] --- [ Server 0 ]              --- [ Server 1 ]
                 +-----------------------+     +-----------------------+
                 | Docker                |     | Docker                |
                 | +-------------------+ |     | +-------------------+ |
                 | | Traefik           | |     | | Traefik           | |
                 | | Service A         | |     | | Service B         | |
                 | +-------------------+ |     | +-------------------+ |
                 +-----------------------+     +-----------------------+
I basically use wildcard DNS (all pointing to server0) to expose services on each host. For example:
- traefik.server0.mydomain
- servicea.server0.mydomain
- traefik.server1.mydomain
- serviceb.server1.mydomain
My attempts:

server0(http,https), server1(http)

On server0:
- http, https and traefik entrypoints
- docker enabled
- static rules for server1
  - http, https entrypoints
  - pass header
  - rule: HostRegexp:{subdomain:.*}.server1.mydomain
  - target: http://server1

On server1:
- http, traefik entrypoints
- docker enabled

Result:
- traefik.server0.mydomain: OK, valid certificate (Let's Encrypt)
- serviceA.server0.mydomain: OK, valid certificate (Let's Encrypt)
- traefik.server1.mydomain: OK, invalid certificate (Traefik default cert)

server0(http,https), server1(http,https)

On server0:
- http, https and traefik entrypoints
- docker enabled
- static rules for server1
  - http, https entrypoints
  - pass header
  - rule: HostRegexp:{subdomain:.*}.server1.mydomain
  - target: https://server1

On server1:
- http, https, traefik entrypoints
- docker enabled

Result:
- traefik.server0.mydomain: OK, valid certificate (Let's Encrypt)
- serviceA.server0.mydomain: OK, valid certificate (Let's Encrypt)
- traefik.server1.mydomain: bad gateway, invalid certificate (Traefik default cert)

I don't know which options to use to have correct behavior ...
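
The setup described in the post, written out as a server0 `traefik.toml`. This is an added example, not the poster's configuration. It assumes Traefik 1.6 or later (the `HostRegexp:` rule syntax is 1.x) and an ACME DNS challenge, which Let's Encrypt requires for wildcard names; the e-mail address, DNS provider, CA path and backend/frontend names are placeholders.

```toml
# server0 traefik.toml (added example; Traefik 1.x syntax assumed)
defaultEntryPoints = ["http", "https"]

# Only relevant when the target is https://server1 (second attempt):
# server0 verifies the certificate server1 presents, and Traefik's
# self-signed default certificate does not pass that check.
# Trusting the CA that issued server1's certificate keeps verification on;
# insecureSkipVerify = true would switch it off for every backend.
rootCAs = ["/etc/traefik/internal-ca.pem"]   # placeholder path

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[api]      # dashboard on the "traefik" entrypoint
[docker]   # services running on server0 itself

[acme]
email = "admin@mydomain"            # placeholder
storage = "acme.json"
entryPoint = "https"
onHostRule = true                   # requests certificates for Host: rules only
  [acme.dnsChallenge]
  provider = "your-dns-provider"    # placeholder
  # A HostRegexp rule names no concrete host, so onHostRule requests nothing
  # for it and the default certificate is served. List the names explicitly.
  [[acme.domains]]
  main = "*.server1.mydomain"

# Static rules for server1 (file provider)
[file]
[backends]
  [backends.server1]
    [backends.server1.servers.main]
    url = "http://server1"          # first attempt; TLS ends on server0

[frontends]
  [frontends.server1]
  backend = "server1"
  entryPoints = ["http", "https"]
  passHostHeader = true
    [frontends.server1.routes.any]
    rule = "HostRegexp:{subdomain:.*}.server1.mydomain"
```

With an `http://server1` target the hop between server0 and server1 is unencrypted, so it relies on the private network being trusted; switching the target to `https://server1` requires server1 to present a certificate issued by the CA listed in `rootCAs`.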