Hey...
I'm running a k8s cluster with Traefik v3 installed to load-balance my services. I'm using Traefik's IngressRoute to route e.g. HTTP requests to my services, using the hostname as a match for the service.
When I use local DNS (inside my LAN) to resolve the hostname, I can reach the service in the cluster, so Traefik and the service are working just fine.
For the record, I'm querying HTTP (80) inside my LAN, and SSL-offloading everything in HAProxy running as a package in pfSense. When making a query from outside the LAN, I use Cloudflare as DNS provider, and ACME in pfSense to handle my certificates.
When I query the DNS from outside my LAN using HTTPS, and the query resolves to my router running pfSense, the query hangs, and I can't reach my service at the k8s cluster.
If I have a service with an internal IP address, everything works fine. I can resolve the DNS name, the HAProxy frontend SSL-offloads and filters the domain names using ACL, sending the traffic to the corresponding backends, and I have a secure connection from my browser with a valid Let's Encrypt certificate.
So my theory is that the domain name (Host header) is not sent through to the backend service, and that's why the Traefik proxy in the k8s cluster cannot match the domain name.
I have tried to set in: HAProxy - frontend - actions:
http-request header set
Condition acl names: <backend_service>
name: Host
fmt: <the_domaine_name>
But that did not work....
Any suggestions?
Regards
/peterweissdk