I am currently running an nginx+MinIO setup to offer MinIO storage to a small group of users who have to be strictly separated. nginx listens on port 9000, does the TLS termination and then, based on the MinIO login credential, passes the connection on to one of a few MinIO services running on localhost on ports 9001..900x. These MinIO processes handle the authentication (secret) and they all store their data on a mounted external RAID. All processes run from launchd at boot (very old-fashioned).
The nginx server setup for this service looks like this:
    server {
        listen 9000 ssl;
        root /opt/local/share/nginx/foo.rna.nl;
        server_name foo.rna.nl;
        ssl_certificate /opt/local/etc/letsencrypt/live/foo.rna.nl/fullchain.pem;
        ssl_certificate_key /opt/local/etc/letsencrypt/live/foo.rna.nl/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        proxy_buffering off;
        client_max_body_size 1000m;
        ignore_invalid_headers off;
        error_log /opt/local/var/log/nginx/minio_error.log info;
        access_log /opt/local/var/log/nginx/minio_access.log;
        location / {
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_connect_timeout 300;
            # Route each request to the MinIO instance that owns the access key
            # named in the S3 Authorization header (SigV4 or legacy SigV2 form)
            if ($http_authorization ~* "^AWS(4-HMAC-SHA256 Credential=| )XXXXXXXXXXXXXXXXXXXX") {
                proxy_pass http://127.0.0.1:9001/;
            }
            if ($http_authorization ~* "^AWS(4-HMAC-SHA256 Credential=| )YYYYYYYYYYYYYYYYYYYY") {
                proxy_pass http://127.0.0.1:9002/;
            }
            if ($http_authorization ~* "^AWS(4-HMAC-SHA256 Credential=| )ZZZZZZZZZZZZZZZZZZZZ") {
                proxy_pass http://127.0.0.1:9003/;
            }
        }
    }
I am looking into moving this setup to a new Ubuntu server with MinIO containers and traefik in front of them. I'm just wondering if, with the new setup (containers & traefik), I should fundamentally change my approach. I do not want more than one FQDN for this service. I've been reading the documentation, but as a newbie I'm uncertain whether I understand this in full.
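As an added example that is not part of the original post: the routing decision the nginx `if` blocks encode, written out in standalone Python so the behaviour can be tested. It parses both the SigV4 (`AWS4-HMAC-SHA256 Credential=...`) and legacy SigV2 (`AWS key:signature`) Authorization formats; the backend map is constructed from the placeholder keys in the config above. Unlike the nginx regexes it matches the access key exactly and case-sensitively, and it returns no upstream when nothing matches, so an unrecognised request is rejected instead of falling through to the server's `root`.

```python
import re
from typing import Optional

# Constructed mapping: access key -> per-user MinIO upstream, mirroring the three `if` blocks.
ROUTES = {
    "XXXXXXXXXXXXXXXXXXXX": "http://127.0.0.1:9001/",
    "YYYYYYYYYYYYYYYYYYYY": "http://127.0.0.1:9002/",
    "ZZZZZZZZZZZZZZZZZZZZ": "http://127.0.0.1:9003/",
}

# SigV4: "AWS4-HMAC-SHA256 Credential=<key>/<date>/<region>/s3/aws4_request, SignedHeaders=..., Signature=..."
# SigV2: "AWS <key>:<base64 signature>"
_SIGV4 = re.compile(r"^AWS4-HMAC-SHA256 Credential=([^/,\s]+)/")
_SIGV2 = re.compile(r"^AWS ([^:\s]+):")


def access_key_from_authorization(header: Optional[str]) -> Optional[str]:
    """Return the access key named in an S3 Authorization header, or None if absent/unknown format."""
    if not header:
        return None
    value = header.strip()
    for pattern in (_SIGV4, _SIGV2):
        match = pattern.match(value)
        if match:
            return match.group(1)
    return None


def select_upstream(header: Optional[str]) -> Optional[str]:
    """Pick the MinIO upstream for this request; None means reject, never fall through."""
    key = access_key_from_authorization(header)
    if key is None:
        return None
    # Exact, case-sensitive lookup: a longer key that merely starts with a known
    # key (which the nginx prefix regex would accept) does not route anywhere.
    return ROUTES.get(key)


if __name__ == "__main__":
    sample = ("AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXXXXXXXXXX/20240101/us-east-1/s3/aws4_request, "
              "SignedHeaders=host;x-amz-date, Signature=0000")  # constructed request header
    print(select_upstream(sample))
    print(select_upstream("Bearer not-an-s3-request"))
```

The proxy only uses the access key to choose a backend; the signature itself is still verified by the MinIO instance behind that backend.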