Issue w/ insecureSkipVerify - only works globally

Hello,

I was trying to get Vaultwarden working back on my new server. I had to use insecure skip verify because of the self-signed cert.

If I add

tls:
  insecureSkipVerify: true

anywhere it makes my Traefik default back to 3 routes, middlewares, and services. If I take that line back out, no issues... tried making a middleware. Only thing that works is servers transport in my global setting for all services...

serversTransport:
  insecureSkipVerify: true

http:
  routers:
    vaultwarden-rtr:
      rule: "Host(`vaultwarden.XXXXXXX.com`)"
      entryPoints:
        - websecure
      middlewares:
        - chain-no-auth
      service: vaultwarden-svc
      tls:
        certResolver: myresolver
        options: tls-opts
  services:
    vaultwarden-svc:
      loadBalancer:
        servers:
          - url: "https://192.168.XXX.XXX:8001"
            tls:
              insecureSkipVerify: true


global:
  checkNewVersion: true
  sendAnonymousUsage: false

api:
  dashboard: true
  insecure: true # Disable in production

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: myresolver

providers:
  file:
    directory: /etc/traefik/conf.d/
    watch: true

certificatesResolvers:
  myresolver:
    acme:
      email: "whatever@gmail.com"
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare

log:
  filePath: /var/log/traefik/traefik.log
  format: json
  level: INFO

accessLog:
  filePath: /var/log/traefik/traefik-access.log
  format: json
  filters:
    statusCodes:
      - "200"
      - "400-599"
    retryAttempts: true
    minDuration: "10ms"
  bufferingSize: 0
  fields:
    headers:
      defaultMode: drop
      names:
        User-Agent: keep

I can only get the command below to work on my main traefik.yml

If I try to add it to any of my rules, for example vaultwarden.yml, it does not apply, it seems.

serversTransport:
  insecureSkipVerify: true

For insecureSkipVerify to be used not globally, you need to:

  1. Create a serversTransport
  2. Assign it to the service of a router

Doc

services:
  vaultwarden-svc:
    loadBalancer:
      servers:
        - url: "https://192.XXX.XX.67:8001"
      serversTransport: mytransport # Associate the custom server transport

serversTransports:
  mytransport:
    insecureSkipVerify: true # Disable TLS verification for the upstream service

I've tried this but it still just resets my config to default, and I can only seem to make the global setting work.

Think I finally got it

http:
  routers:
    vaultwarden-rtr:
      rule: "Host(`vaultwarden.XXXXXXXX.com`)"
      entryPoints:
        - websecure
      service: vaultwarden-svc
      tls:
        certResolver: myresolver

  services:
    vaultwarden-svc:
      loadBalancer:
        servers:
          - url: "https://192.XXX.XX.67:8001"
        serversTransport: mytransport

  serversTransports:
    mytransport:
      insecureSkipVerify: true
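
The per-service transport from this thread can also keep certificate verification switched on by trusting the backend's self-signed certificate explicitly. The following is an added example, not a config posted by anyone in the thread; the transport name `vaultwarden-pinned`, the `serverName` value and the CA file path are assumptions to be replaced with your own.

```yaml
# Dynamic configuration (file provider), e.g. a file under /etc/traefik/conf.d/
http:
  services:
    vaultwarden-svc:
      loadBalancer:
        servers:
          - url: "https://192.XXX.XX.67:8001"
        # Same per-service association as in the thread, different transport.
        serversTransport: vaultwarden-pinned

  serversTransports:
    # Setting from the thread: every certificate is accepted, so whatever
    # answers on that address is treated as the real backend.
    mytransport:
      insecureSkipVerify: true

    # Verification stays on; only the listed trust anchor is accepted.
    vaultwarden-pinned:
      # Assumed name. It must match a SAN in the backend certificate,
      # because the server URL above is an IP address.
      serverName: "vaultwarden.internal"
      rootCAs:
        # Assumed path: the backend's self-signed certificate, or the CA
        # that issued it, in PEM format and readable by Traefik.
        - /etc/traefik/certs/vaultwarden-ca.pem
```

Only the transport referenced by `serversTransport` on the service is used, so `mytransport` can be deleted once the pinned transport works.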
