ServerTransport and insecureSkipVerify specific hosts

Traefik Traefik v2
,
1

In the docker-compose with the cli command of - "--serversTransport.insecureSkipVerify=true" I can reach the external host. But what I cant figure out is how to use ServerTransport and using insecureSkipVerify on specific hosts rather than using the global option? Stuck with an error of Internal Server Error caused by: x509: cannot validate certificate for 192.168.10.10 because it doesn't contain any IP SANs"

dynamic config:

http:
  middlewares:
    test-auth:
      basicAuth:
        usersFile: "/rules/htpasswd"
    test-ratelimit:
      rateLimit:
        average: 100
        burst: 50
    idrac:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
  routers:
    idrac1:
      rule: "Host(`idrac1.my.domain`)"
      priority: 1000
      entryPoints:
        - websecure
      middlewares:
        - idrac
      service: idrac1
      tls:
        certResolver: myresolver
  services:
    idrac1:
      loadBalancer:
        servers:
          - url: "https://192.168.10.10:443"  # or whatever your external host's IP:port is 
        passHostHeader: true
        # sticky:
        #   cookie:
        #     name: "__Secure-idrac1.my.domain"
        #     secure: true
        #     httpOnly: true
        #     sameSite: "none"
  serversTransports:
    mytransport:
      serverName: "idrac1.my.domain"
      # serverName: "192.168.10.10"
      insecureSkipVerify: true
2

I think I figured some of it out while making several changes i cannot all recall. But in the documentation for the section on [Services - Traefik](https://routing services docs) services it uses the name (node?) serversTransport: But outside of services-but still indented at that peer level- serversTransports: it uses a different name in the docs, the s is added at the end.
Also if you check your debug logs there should be some error about about a node? in this case insecureSkipVerify. So in the end using the two slightly different names fixed it?

1 Like
3

I just spent all morning, and part of this afternoon trying to figure out why my config wasn't working, and it was serversTransport vs. serversTransports.

Thank you @rombo for cluing me in on that.

1 Like