Sharing Traefik-managed TLS certificates with legacy Nginx

I'm currently using an Nginx + Traefik v3 combination in my environment. I'm in the process of newly implementing Traefik, starting with our development server to learn its functionality.

Nginx is currently using ports 80/443, while Traefik is using ports 8080 and 8443 (as examples). Nginx acts as a reverse proxy for services managed by Traefik. The reason for continuing to use Nginx is for compatibility with existing legacy systems. My plan is to forward new domains to Traefik while gradually migrating legacy services.

During this transition, I want Traefik to manage wildcard certificates for specific subdomains without using the legacy certbot on the host. However, these certificates need to be shared with Nginx for continued legacy compatibility.

I'm looking for a solution to share the certificates renewed by Traefik with the host's Nginx. The Nginx version on the host cannot preread SNI, so it can't obtain host information without decoding the packet up to L7. I prefer not to make changes to this Nginx beyond simple configuration adjustments.

Even if it creates some overhead temporarily, I'd like to share certificates between Traefik and Nginx until all services are migrated. Is there an appropriate method to accomplish this?

I've attempted to manually convert the acme.json file to crt and key files, but I want to automate this process whenever a new certificate is generated.

Any insights or suggestions would be greatly appreciated!

There is a tool for cert export. Automate it with cron.

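An added example, not part of the original posts and not the tool the answer refers to: a standard-library Python exporter that decodes every certificate in Traefik's `acme.json` into `.crt`/`.key` files for Nginx, rewriting them only when the content changes. It assumes the `acme.json` layout Traefik v2/v3 writes (resolver name at the top level, then `Certificates` entries with base64-encoded PEM in `certificate` and `key`); the function names, output directory and exit code 3 are hypothetical choices.

```python
import base64, json, os, sys, tempfile
from pathlib import Path

def _write_atomic(path: Path, data: bytes, mode: int) -> bool:
    """Write data with the given mode; return False if the content is unchanged."""
    if path.exists() and path.read_bytes() == data:
        return False
    fd, tmp = tempfile.mkstemp(dir=path.parent)  # mkstemp creates the file as 0600
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(tmp, mode)
        os.replace(tmp, path)  # atomic rename: Nginx never reads a half-written file
    except BaseException:
        os.unlink(tmp)
        raise
    return True

def export_certs(acme_json: str, out_dir: str) -> list[str]:
    """Export all certificates; return the main domains whose files changed."""
    out = Path(out_dir)
    out.mkdir(mode=0o700, parents=True, exist_ok=True)
    changed = []
    store = json.loads(Path(acme_json).read_text())
    for resolver in store.values():  # top-level keys are resolver names
        for entry in (resolver or {}).get("Certificates") or []:
            main = entry["domain"]["main"]
            name = main.replace("*", "_")  # "*.dev.example" -> "_.dev.example"
            if not name or "/" in name or name.startswith("."):
                raise ValueError(f"unsafe domain name in acme.json: {main!r}")
            chain = base64.b64decode(entry["certificate"])  # leaf + intermediates
            key = base64.b64decode(entry["key"])
            wrote_crt = _write_atomic(out / f"{name}.crt", chain, 0o644)
            wrote_key = _write_atomic(out / f"{name}.key", key, 0o600)  # key stays private
            if wrote_crt or wrote_key:
                changed.append(main)
    return changed

if __name__ == "__main__":
    # Usage: script.py /path/to/acme.json /path/to/output-dir
    updated = export_certs(sys.argv[1], sys.argv[2])
    print("\n".join(updated))
    sys.exit(0 if updated else 3)  # 3 = nothing changed, so no reload is needed
```

Because the script exits 0 only when a file was rewritten, a cron entry can chain `nginx -s reload` with `&&` and skip the reload on unchanged runs.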

Thank you for your response.

I'm puzzled as to why I didn't find this project. I think the Nginx keyword probably had something to do with it :sweat_smile:
I'll give this method a try.