Route TCP to an SFTP server

ArthurMitchell42 · July 1, 2023, 4:57pm

I'm extending my Traefik setup to have a new entry point and route SFTP traffic to a server inside the network. At the moment I can't get any connection at all and the logs, even set to debug haven't given me any data to work on.
My static setup is now as follows:

entryPoints:
  #--------------------------
  http:
    address: :6080
    forwardedHeaders:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
    proxyProtocol:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
    http:
      redirections:
        entrypoint:
          to: https
          scheme: https
  #--------------------------
  https:
    address: :6443
    forwardedHeaders:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
    proxyProtocol:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
    http:
      tls:
        certResolver: letsencrypt
  #--------------------------
  traefik:
    address: :6081
    forwardedHeaders:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
    proxyProtocol:
      trustedIPs: 10.0.10.0/24,172.16.0.0/16,192.168.0.0/16,fc00::/7
      insecure: false
  #--------------------------
  sftp:
    address: :2223/tcp

and in the dynamic file I've added a tcp: section as follows:

tcp:
  routers:
    sftp-router:
      entryPoints:
        - "sftp"
      rule: "HostSNI(`*`)"
      service: "sftp-service"
      tls:
        passthrough: true

  services:
    sftp-service:
      loadBalancer:
        servers:
          - address: "10.0.10.10:2222"

in the Traefik log all I see is:

time="2023-07-01T16:57:44+01:00" level=debug msg="Starting TCP Server" entryPointName=sftp
time="2023-07-01T16:57:44+01:00" level=debug msg="Creating middleware" entryPointName=sftp middlewareName=metrics-entrypoint middlewareType=Metrics
time="2023-07-01T16:57:44+01:00" level=debug msg="Creating TCP server 0 at 10.0.10.10:2222" serverName=0 entryPointName=sftp routerName=sftp-router@file serviceName=sftp-service
time="2023-07-01T16:57:44+01:00" level=debug msg="Adding Passthrough route for \"HostSNI(`*`)\"" entryPointName=sftp routerName=sftp-router@file

My first question is, have I got this setup completely wrong please? The HTTP(S) routing is fine and has been for the last 2 years, I just can't get any TCP path to the SFTP server.
Thanks, Arthur

bluepuma77 · July 1, 2023, 6:34pm

I think when using

    tls:
        passthrough: true

you enable TLS in Traefik on that route, but you want it to pass as plain TCP, so try removing it.

See simple Traefik TCP example.

ArthurMitchell42 · July 1, 2023, 8:09pm

Thank you, that did the trick nicely.

system · July 4, 2023, 8:10pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik + Docker + sftpgo - tcp connection issues Traefik v2 docker , tcp	2	2146	February 20, 2024
TCP router with TLS not working Traefik v2 tcp	1	1286	October 31, 2019
Configure TCP whoamitcp Traefik v2 tcp	6	1734	May 1, 2020
Using Both http and tcp in traefik routing Traefik v2 tcp	5	3051	May 5, 2021
TCP reverse proxy working for HTTPS but not HTTP Traefik v2 file , tcp	2	904	June 1, 2020

Route TCP to an SFTP server

Related topics