Passthrough=true kills other routes

I am trying to set up a HTTP/HTTPS catch-all for any undefined domain to NGINX Proxy Manager. HTTP is working great, but lots of tissues on the HTTPS side.

To keep traefik from passing its default cert through I enabled passthrough, but that instantly kills communication on the other defined routers. I wouldn't expect a rule in one router to be able to affect the rule in another, so I am missing a key concept somewhere.

version: '3.3'
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped

#    ports:
#      - '880:80'
#      - '82:81'
 #     - '4443:443'
      DISABLE_IPV6: 'true'
      - data:/data
      - ssl:/etc/letsencrypt
      mode: replicated
      replicas: 1
      #Reverse Proxy SSL for Nginx Dashboard
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(``)"
      - "traefik.http.routers.nginx.entrypoints=websecure,web"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nginx.service=nginx"
      - ""
      #Catch all traffic on Port 80 for Nginx Proxy Manager
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - "traefik.http.routers.http-catchall.priority=1"
      - ""
      - "traefik.http.routers.http-catchall.service=http-catchall"

      #Catch all traffic on Port 443 for Nginx Proxy Manager
      - 'traefik.http.routers.httpscatchall.rule=hostregexp(`{host:https.+}`)'
      - 'traefik.http.routers.httpscatchall.entrypoints=websecure'
      - "traefik.http.routers.httpscatchall.tls=true"
#      - 'traefik.tcp.routers.httpscatchall.tls.passthrough=true' <--- Kills the other two routes above
      - "traefik.http.routers.httpscatchall.priority=2"
      - ""
      - ""
      - "traefik.http.routers.httpscatchall.service=httpscatchall"
      #Proxy Network
#      - ""
      - traefik_public
            type: nfs 
            o: addr=,nfsvers=4
            device: :/volume2/docker-pool/nginx2/data
            type: nfs 
            o: addr=,nfsvers=4
            device: :/volume2/docker-pool/nginx2/ssl

    external: true

The logs will indicate the port cannot be found after uncommenting passthrough

{"container":"nginx2-nginx-4ghwh7ut4us8ufzo3u7i83dxi","level":"error","msg":"service \"nginx2-nginx\" error: port is missing","providerName":"docker","time":"2022-11-25T17:49:30-06:00"}

passthrough is a feature of the TCP router, not of the http router. And the TCP router will not check http requests to route by host.

You probably switch the whole router to TCP when setting the option. Note the traefik.tcp in your line.

Ahh, I noticed the contradiction but had seen a number of other samples mixing them and figured it somehow worked out.

I switched the routers for SSL to TCP, and that indeed stopped it from crashing the other routers, but now it is complaining my regexp rule is invalid, which isn't a surprise because I don't speak regex. I am also seeing that perhaps it needs to be a SNI rule, but I can't figure out the proper syntax for a catchall for that.

{"entryPointName":"websecure","level":"error","msg":"invalid rule: \"hostregexp(`{host:.+}`)\" , unsupported function: hostregexp","routerName":"httpscatchall@docker","time":"2022-11-26T11:57:16-06:00"}

Here is the latest config

      #Catch all traffic on Port 443 for Nginx Proxy Manager
      - 'traefik.tcp.routers.httpscatchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.tcp.routers.httpscatchall.entrypoints=websecure'
      - "traefik.tcp.routers.httpscatchall.tls=true"
      - 'traefik.tcp.routers.httpscatchall.tls.passthrough=true'
      - "traefik.tcp.routers.httpscatchall.priority=1"
      - ""
#      - ""
      - "traefik.tcp.routers.httpscatchall.service=httpscatchall"

Success! It seemed to simply be a wildcard statement.

      - 'traefik.tcp.routers.httpscatchall.rule=HostSNI(`*`)'

Can't thank you enough for your help here, and my other thread. You're awesome!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.