I want to proxy a service using traefik. The client and server connect over gRPC using mutual TLS. I want traefik to pass the certificates from the client and server without terminating tls. Would appreciate any help
If Traefik has no access to the TLS cert, you can only use a separate entrypoint
(port) and a TCP router with rule HostSNI(`*`)
.
Do not activate any TLS on the entrypoint
or router
, or Traefik will create a default TLS cert, which your client will not trust.
this worked, the basic config is as follows:
[entryPoints.tcp]
address = ":8855"
[tcp]
[tcp.routers]
[tcp.routers.all-hosts-router]
entryPoints = ["tcp"]
rule = "HostSNI(`*`)"
service = "backend-service"
[tcp.services]
[tcp.services.backend-service]
[tcp.services.backend-service.loadBalancer]
[[tcp.services.backend-service.loadBalancer.servers]]
address = "backends:7011"
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.