My app is running in a VM, accessed via traefik (docker container) listening on port 443.
Incoming requests are via a fqdn for which matching SSL certs are provided - traefik validates, terminates the SSL chain & forwards un-encrypted requests to a web-server (another container running in the same docker network). All pretty standard so far.
The picture changes now that a customer has put a corporate gateway / reverse proxy in front. I do not have access to this and am not aware of available settings. HTTPS requests are forwarded to the VM but the crucial difference is that the requests are now sent to the VM IP + port rather than a domain name. There is only one app running on the VM.
The real domain is already verified at the gateway. I would like encryption up to traefik, using a self-signed SSL cert with an IP SAN or a local host / domain name, insecureSkipValidate to be used to avoid cert errors.
Is there a way to map the incoming IP back to a domain name? I tried a custom serversTransport with a serverName - no luck, I tried a redirectRegex - no luck ...
Can anyone point me in the right direction?
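
The self-signed certificate with an IP SAN mentioned in the question, as an added example that is not part of the original post: it creates such a certificate with the `openssl` CLI and checks which SAN form actually validates when a client connects by IP. Assumptions: OpenSSL 1.1.1 or later is installed, `192.0.2.10` is a constructed documentation address standing in for the VM IP, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# 192.0.2.10 is a constructed placeholder for the VM IP.

# make_cert <basename> <subjectAltName value>
# Writes <basename>.key and <basename>.crt: a self-signed P-256
# certificate valid for 30 days with the given SAN.
make_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 30 -subj "/CN=traefik-vm" \
        -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# cert_matches_ip <cert> <ip>
# Returns 0 only if the certificate verifies with itself as the sole
# trust anchor AND carries an iPAddress SAN equal to <ip>. This is the
# check a client performs when it connects to an IP and validates.
cert_matches_ip() {
    openssl verify -CAfile "$1" -verify_ip "$2" "$1" >/dev/null 2>&1
}

# Typical use (paths are hypothetical):
#   make_cert /tmp/vm "IP:192.0.2.10"
#   cert_matches_ip /tmp/vm.crt 192.0.2.10 && echo "validates by IP"
# A SAN written as "DNS:192.0.2.10" does not satisfy the IP check, so the
# entry must use the IP: form.
```

A client that can be given `vm.crt` as a trust anchor for this upstream validates the connection by IP, so certificate verification does not need to be skipped.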