Dear all,
I was hoping I could use Traefik to encrypt my OpenLDAP traffic. I know that LDAP clients do not support SNI, but as this is the only service running on the machine, I hoped that using HostSNI(`*`) and sniStrict = false would do the trick. Letsencrypt issues the certificates right, but Traefik presents the default self-signed certificate to all clients instead of the letsencrypt one.
Here is my config:
Static configuration:

[log]
  level = "DEBUG"

[entryPoints]
  # TLS-terminating TCP entrypoint for LDAPS
  [entryPoints.ldapsecure]
    address = ":636"
  # plain HTTP entrypoint used only for the ACME HTTP-01 challenge
  [entryPoints.web]
    address = ":80"

[certificatesResolvers.le.acme]
  email = "haXXX"
  storage = "/root/storage.json"
  [certificatesResolvers.le.acme.httpChallenge]
    entryPoint = "web"

[providers]
  [providers.file]
    filename = "./dynamic.toml"

Dynamic configuration (./dynamic.toml):

[tls.options]
  [tls.options.default]
    sniStrict = false

[tcp.routers]
  [tcp.routers.ldaprouter]
    # match every TLS connection on the entrypoint, including ones without SNI
    rule = "HostSNI(`*`)"
    entryPoints = ["ldapsecure"]
    service = "ldapservice"
    [tcp.routers.ldaprouter.tls]
      options = "default"
      certResolver = "le"
      [[tcp.routers.ldaprouter.tls.domains]]
        main = "ldap.mydomain..."

[tcp.services]
  [tcp.services.ldapservice.loadBalancer]
    [[tcp.services.ldapservice.loadBalancer.servers]]
      # backend OpenLDAP listening in plaintext on localhost
      address = "127.0.0.1:389"
After googling for hours, I found no further hint about what else to try, so I hope someone has a clue here.
The log has:
DEBU[2020-10-08T15:00:31+02:00] Handling connection from XX.XX.XX.XX:52302
DEBU[2020-10-08T15:00:31+02:00] Serving default certificate for request: ""
Thanks for any hint!
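A quick way to confirm from the client side what the log above indicates, added here as an example and not part of the original post: handshake once with SNI (as a browser would) and once without (as an LDAP client does) and compare the certificates Traefik hands back. The host and port are assumptions; replace them with your own.

```python
import hashlib
import socket
import ssl
from typing import Optional


def fetch_cert_fingerprint(host: str, port: int, sni: Optional[str], timeout: float = 5.0) -> str:
    """Return the SHA-256 fingerprint of the leaf certificate presented by host:port.

    sni=None sends no server_name extension, which reproduces what an LDAP
    client does. Verification is disabled on purpose so that a self-signed
    default certificate is still returned instead of raising an error.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def diagnose(fp_with_sni: str, fp_without_sni: str) -> str:
    """Interpret the two fingerprints: same cert, or a default cert for non-SNI clients."""
    if fp_with_sni == fp_without_sni:
        return "same: clients without SNI receive the same certificate as clients with SNI"
    return ("different: the router matches HostSNI(`*`), but clients without SNI "
            "are served the TLS store's default certificate, not the resolver's")


if __name__ == "__main__":
    # Assumed values; point these at the Traefik entrypoint you are testing.
    host, port, name = "ldap.example.invalid", 636, "ldap.example.invalid"
    with_sni = fetch_cert_fingerprint(host, port, name)
    without_sni = fetch_cert_fingerprint(host, port, None)
    print("with SNI:   ", with_sni)
    print("without SNI:", without_sni)
    print(diagnose(with_sni, without_sni))
```

Compare the "without SNI" fingerprint with that of the certificate stored in storage.json; if it matches neither that nor the "with SNI" one, it is the generated default certificate from the log line "Serving default certificate for request".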