Hi, I'm trying to set up Traefik v2 reverse proxy to route traffic for DNS requests that are not labeled in any container, and have Traefik automatically manage any relevant certificates. I.e. for any A records that I add, Traefik will automatically resolve to the container and if a cert is not present it will add the domain to the cert bundle for that container. It is important that the action is organic, not a redirect (the container will determine content based on the URL and the URL needs to stay the same as the one entered by the end user). Is this possible? Thanks!
No, you need to specify all domains up front in Traefik or use a wildcard (for one level like *.example.com). Traefik will not automatically see a request to a new domain and quickly create a cert on the fly.
Of course routers are dynamic and you can create a job that adds new (sub-) domains in a dynamic config file, which Traefik provider.file can automatically watch for changes and reload.
We have multiple tenants on multiple services (a.service1.com, b.service1.com, a.service2.com, b.service2.com) and create a new Docker Swarm service for every one with dedicated Host(domain). Every service uses its own dedicated database anyway. We have 2 wildcard certs in use.
You can also use a service per main domain or one for everything (using HostRegex()) if you then differentiate by Host header in your app. But for that you need a wildcard with a fixed main domain or update the dynamic routers manually.
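A sketch of the job mentioned in the reply above, added here as an example and not code from either poster: it renders a file-provider dynamic config with one Host() router per domain, refuses hostnames outside the zones you control or containing characters that could alter the rule, and replaces the file atomically. The entry point, resolver, service and parent-zone names are assumptions.

```python
import os
import re
import tempfile

# Assumptions (not from the thread): names of the entry point, the ACME
# resolver and the backend service defined elsewhere in the Traefik config.
ENTRYPOINT, RESOLVER, SERVICE = "websecure", "le", "tenant-app"
ALLOWED_PARENTS = ("service1.com", "service2.com")  # zones you control

LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(\.{LABEL})+")


def normalize_host(raw):
    """Return a lowercase hostname, or None if it must not become a router."""
    host = raw.strip().lower().rstrip(".")
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        return None  # rejects backticks, quotes, spaces and wildcards
    if not any(host.endswith("." + p) for p in ALLOWED_PARENTS):
        return None  # never request certificates for foreign zones
    return host


def render(hosts):
    """Build the dynamic-config YAML: one Host() router per valid domain."""
    lines = ["http:", "  routers:"]
    for host in sorted({h for h in map(normalize_host, hosts) if h}):
        # "_" cannot occur in a validated label, so router names stay unique
        name = host.replace(".", "_")
        lines += [
            f"    {name}:",
            f'      rule: "Host(`{host}`)"',
            f"      service: {SERVICE}",
            f"      entryPoints: [{ENTRYPOINT}]",
            "      tls:",
            f"        certResolver: {RESOLVER}",
        ]
    return "\n".join(lines) + "\n"


def write_atomic(path, text):
    """Write via rename so the file watcher never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the proxy user must read it
    os.replace(tmp, path)
```

The parent-zone allowlist matters because every router with a certResolver triggers an ACME order, so an unchecked input list can burn rate limits on names that will never validate.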