Proxy traffic to service via HTTPS

Traefik Traefik v2 (latest)
1

Hey there,

first of all Traefik proxy is working great for me to terminate SSL traffic and forward to internal services.
Now in order to follow a zero trust policy I would like to encrypt the traffic between Traefik Proxy and the services it forwards to.

I am in control over the Root CA and can easily secure all the services. Unfortunately I have only encountered Internal Server Errors so far when I simply set the target URL to https://URL instead of http://URL.

Is there a crucial piece of configuration that I am missing in order to get this working?

2

You can globally ignore the TLS checks:

# static config, for all internal connections
serversTransport:
  insecureSkipVerify: true

or add the required certificates:

# static config, for all internal connections
serversTransport:
  rootCAs:
    - foo.crt
    - bar.crt

Or you can do it per service: define a serverstransport in a dynamic config, use insecureskipverify or rootcas.
In this case you need to load the dynamic config from a file via provider.file, then don't forget to assign it to your service:

http:
  services:
    Service01:
      loadBalancer:
        serversTransport: mytransport
1 Like
3

Thanks!

It worked like a charm and any errors I was still encountering were quickly fixed with log.level = DEBUG :slight_smile:

4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.