Oracle DB - TCP router with TLS

Hi,
does someone know if it is possible to use Traefik to secure a connection to an Oracle DB via TLS?
I just tried it, but I was not successful.
Here is my config:

static config

entryPoints:
  oracle-db:
    address: ":1522"

dynamic config

tcp:
  routers:
    oracle-db-router:
      entryPoints:
        - "oracle-db"
      rule: "HostSNI(`*`)"
      service: oracle-db
      tls: {}

  services:
    oracle-db:
      loadBalancer:
        servers:
          - address: "localhost:1521"  

A connection from the Oracle client is not possible. Just no reaction...
Without the TLS option everything is fine and the TCP router works as expected.

Hi @johannesschaefer

HostSNI(`*`) is for tcp routers without tls. You must use a hostname for TLS.

Thanks for the hint. But unfortunately still no connection possible. :frowning:

For me the question is: is the SSL setup of Oracle the same as the TLS setup of Traefik? Do I have to set special TLS parameters?
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets

Any idea?

Based on what I know from using sqlplus and experience from other database clients/drivers, you will almost certainly have to change the connection string or parameters.

This will be required: PROTOCOL=TCPS
Not sure if you can leave out the SECURITY=(ssl_server_cert_dn="CN=testcert.oracle.com, O=Oracle Corporation,L=Redwood City,ST=California,C=US")

Hi,
we managed to get it working with Traefik and the TCPS setting. But we have to set the TLS version to 1.2.
Thanks for the support.

Thanks for your update @johannesschaefer

Do you suspect the Java version is restricting the TLS version to 1.2? Or rather, what version of Java is it?
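
The pieces mentioned across the thread (a hostname in the rule, TCPS on the client, TLS 1.2), put together as an added example that is not from any of the posters or from the Traefik project. Assumptions: the hostname `oracle.example.com`, the option name `oracle-tls12`, the certificate paths and the service name `ORCLPDB1` are placeholders, and TLS 1.2 is pinned on the Traefik side (the thread does not say where it was set).

```yaml
# Traefik dynamic configuration (file provider).
# The entry point ":1522" stays as in the static config above.
tcp:
  routers:
    oracle-db-router:
      entryPoints:
        - "oracle-db"
      # Matches only if the client sends this name as SNI in its ClientHello.
      rule: "HostSNI(`oracle.example.com`)"   # placeholder hostname
      service: oracle-db
      tls:
        # No "passthrough: true": Traefik terminates TLS here and
        # forwards plain TCP to the listener below.
        options: oracle-tls12                 # hypothetical option name

  services:
    oracle-db:
      loadBalancer:
        servers:
          # Unencrypted hop; keep it on loopback or a trusted segment.
          - address: "localhost:1521"

tls:
  options:
    oracle-tls12:
      # Accept TLS 1.2 only, the version reported as working in the thread.
      minVersion: VersionTLS12
      maxVersion: VersionTLS12
  certificates:
    # Placeholder paths; the certificate must cover the hostname in the rule.
    - certFile: /etc/traefik/certs/oracle.example.com.crt
      keyFile: /etc/traefik/certs/oracle.example.com.key

# Client side (tnsnames.ora), shown as a comment because it is not YAML.
# PROTOCOL = TCPS is the setting named in the thread; the alias and
# service name are constructed for illustration.
#
# ORCL_TLS =
#   (DESCRIPTION =
#     (ADDRESS = (PROTOCOL = TCPS)(HOST = oracle.example.com)(PORT = 1522))
#     (CONNECT_DATA = (SERVICE_NAME = ORCLPDB1)))
```

The client also has to trust the CA that issued Traefik's certificate, through its wallet or truststore, otherwise the handshake fails before any SQL*Net traffic is exchanged.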
