Need help with TCP routing - multiple domains

Hi there,
I am facing an issue trying to implement 2 Traefik instances to handle 2 different domains...
One instance is on VLAN10 and the other instance is on VLAN20.
Both instances can talk to each other over TCP of course (via FW rule).
So apparently this is not a network issue.

On the first instance, the one facing the internet, I added a rule like this:

tcp:
  routers:
    internal-traefik-rtr:
      entryPoints:
        - websecure
      # match the apex and any single-label subdomain of domain2.com
      rule: "HostSNIRegexp(`domain2.com`) || HostSNIRegexp(`{subdomain:[a-z]+}.domain2.com`)"
      service: internal-traefik-svc
      tls:
        passthrough: true   # forward the TLS stream as-is to the internal instance
  services:
    internal-traefik-svc:
      loadBalancer:
        servers:
          - address: "192.168.20.87:443"   # Traefik instance on VLAN20

When I go to the Traefik GUI, I do not see any TCP routers or services.
And when I try to go to traefik.domain2.com, I of course get:
http: TLS handshake error from <IP>:57210: remote error: tls: unknown certificate

Is there anything special I need to add in other YAML files?

Thanks for your help
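Added example, not from the original poster or from the Traefik documentation: a minimal file-provider layout for the passthrough router posted above. The file names, the dynamic directory path and the `:443` entrypoint address are assumptions. The point it illustrates is that a TCP router only appears in the dashboard when the dynamic file is actually loaded by a file provider declared in the static configuration; and because the router uses `passthrough: true`, the TLS handshake is completed by the internal instance at 192.168.20.87, which is therefore the instance that must hold the certificate for domain2.com.

```yaml
# /etc/traefik/traefik.yml  (static configuration, internet-facing instance, VLAN10)
# Assumed paths; adjust to your deployment.
entryPoints:
  websecure:
    address: ":443"          # the entryPoint referenced by the TCP router below

providers:
  file:
    directory: /etc/traefik/dynamic   # every *.yml here is loaded as dynamic config
    watch: true                       # pick up edits without a restart

api:
  dashboard: true            # the GUI that should list the TCP router once loaded

---
# /etc/traefik/dynamic/domain2-passthrough.yml  (dynamic configuration)
tcp:
  routers:
    internal-traefik-rtr:
      entryPoints:
        - websecure
      # Traefik v2 HostSNIRegexp syntax ({name:regexp} placeholders);
      # v3 expects a plain Go regular expression instead.
      rule: "HostSNIRegexp(`domain2.com`) || HostSNIRegexp(`{subdomain:[a-z]+}.domain2.com`)"
      service: internal-traefik-svc
      tls:
        passthrough: true    # do not terminate TLS here; hand the raw stream to the backend
  services:
    internal-traefik-svc:
      loadBalancer:
        servers:
          - address: "192.168.20.87:443"   # Traefik instance on VLAN20

---
# /etc/traefik/dynamic/domain2-tls.yml on the INTERNAL instance (192.168.20.87)
# The passthrough stream is decrypted here, so this instance serves the certificate.
tls:
  certificates:
    - certFile: /etc/traefik/certs/domain2.com.crt   # assumed path
      keyFile: /etc/traefik/certs/domain2.com.key    # assumed path
```

If the dashboard of the VLAN10 instance still shows no TCP router after this, check the Traefik log at startup for a file-provider error on the dynamic file (a YAML indentation mistake is reported there), since a router that never loads falls back to the HTTP routers and the default certificate.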

When you use anything other than HostSNI(`*`), Traefik has to have access to the TLS cert to decrypt the request to read the SNI domain.

If no TLS cert is provided, Traefik will create a custom TLS cert, which your client/browser usually does not trust.

Thanks for your reply...

You mean I need to add domain2.com to the first instance of Traefik (to retrieve a cert) and then pass this cert in the conf for the TCP router?
I thought that for TCP routing it was not needed to check this.
Do you have an example configuration for this?

But anyway, I should at least see a TCP router in the GUI, no?
Even if there are some mistakes.

A Traefik router needs a rule for domain matching; in TCP only HostSNI() is available when using TLS.

And to read the domain, Traefik needs the TLS cert to decrypt the request.