Hey,
I need some advice. I don't know if I'm going the right way.
I have a virtual PC running windows 10 and I need to connect to it via remote desktop.
From an internal network the connection works fine, but now I need to connect from outside. I have a domain remote-desktop.my-domain.cz:446 which is pointed to traefik in DNS. From this domain I need to redirect to 192.168.10.104:3389 (remote desktop) win10 and traefik are on the same internal network, so they can see each other.
I tried this configuration but it doesn't work for me:
tcp:
routers:
remote-desktop:
entryPoints:
- "web"
rule: "HostSNI(`remote-desktop.north.foxily.cz`)"
service: remote-desktop-server
services:
remote-desktop-server:
loadBalancer:
servers:
- address: "192.168.10.104:3389"
Thank you
Can you share your static config (entrypoints, etc), too?
Yes, here is the full traefik.yml
global:
checkNewVersion: true
sendAnonymousUsage: false # true by default
# (Optional) Log information
# ---
log:
level: ERROR # DEBUG, INFO, WARNING, ERROR, CRITICAL
format: common # common, json, logfmt
filePath: /var/log/traefik/traefik.log
# (Optional) Accesslog
# ---
# accesslog:
# format: common # common, json, logfmt
# filePath: /var/log/traefik/access.log
# (Optional) Enable API and Dashboard
# ---
api:
dashboard: true # true by default
insecure: true # Don't do this in production!
# Entry Points configuration
# ---
entryPoints:
web:
address: :80
# (Optional) Redirect to HTTPS
# ---
# http:
# redirections:
# entryPoint:
# to: websecure
# scheme: https
websecure:
address: :443
# Configure your CertificateResolver here...
# ---
certificatesResolvers:
staging:
acme:
email: lukas.zatloukal@foxily.cz
storage: /ssl-certs/acme.json
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
httpChallenge:
entryPoint: web
#
production:
acme:
email: lukas.zatloukal@foxily.cz
storage: /ssl-certs/acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
httpChallenge:
entryPoint: web
# (Optional) Overwrite Default Certificates
# tls:
# stores:
# default:
# defaultCertificate:
# certFile: /etc/traefik/certs/cert.pem
# keyFile: /etc/traefik/certs/cert-key.pem
# (Optional) Disable TLS version 1.0 and 1.1
# options:
# default:
# minVersion: VersionTLS12
providers:
docker:
exposedByDefault: false # Default is true
file:
# watch for dynamic configuration changes
directory: /etc/traefik
watch: true
tcp:
routers:
remote-desktop:
entryPoints:
- "web"
rule: "HostSNI(`remote-desktop.north.foxily.cz`)"
service: remote-desktop-server
services:
remote-desktop-server:
loadBalancer:
servers:
- address: "192.168.10.104:3389"
You need two configurations: static (entrypoints, certresolver) and dynamic (router, service). You can load the dynamic config in static with provider.file or use container labels.
I assume your service uses TCP and not HTTP protocol, therefore I would use a tlschallenge for the certresolver.