How to proxy a TLS-only service?

I have a service that only exposes a TLS endpoint, with a self-signed certificate. I would like to make it available with my certificate, like all my other services (which are HTTP so the proxyfication I straightforward).

In practical terms, upon a connection to https://this-service.example.com I would like Traefik to contact https://the-service-backend, handshake through this self-signed cert, and make the call to the backend (and relay its response)

How can I do that?

If you use regular Docker labels for configuration discovery, you can set the scheme to https.

For the custom cert, you can use insecureskipverify to just trust it. Either globally in static config or create a serversTransport with it and assign it to the service in dynamic config.

There should be an option to load the cert, check the service doc.

insecureskipverify is discussed every quarter, use search for more detailed explanations.