[Solved] Reverse Proxy with https backend not working

Hi,

I'm trying to use Traefik to route to a non-Docker server with a self-signed HTTPS certificate.
TOML:

[file]

[frontends]
 [frontends.mail]
  backend = "mail"
  passHostHeader = true
   [frontends.mail.routes]
    [frontends.mail.routes.route0]
     rule = "Host:xxx.test.net"
   [frontends.mail.auth.forward.tls]
    insecureSkipVerify = true

[backends]
 [backends.mail]
  [backends.mail.auth.forward.tls]
   insecureSkipVerify = true
  [backends.mail.servers]
   [backends.mail.servers.server0]
    url = "https://xxx.int.test.net"
    weight = 1

Now I get the error message from Traefik:

"Error calling . Cause: Get : unsupported protocol scheme """

Any hint? I can't find an example with an HTTPS backend...

Hello,

This section is related to forward-authentication.

So the insecureSkipVerify applies to the authentication and not to the frontend.

It's not a valid section: forward-authentication only exists on frontends and entry points.

I think the error occurs because you activated forward-authentication, so you have to remove the related section.

Hi,

Thanks for your reply. I deleted the backend section (the TLS part), but the error remains the same, no change.
I deleted the TLS part in the forward section and then the error changes to

'500 Internal Server Error' caused by: x509: certificate signed by unknown authority

This is expected in my case because of the self-signed cert...
Any other ideas?

Sorry to bump this up, but does really no one have an idea how to reverse proxy to a backend with a self-signed cert?

This is because, indeed, your certificate is signed by an unknown authority.

You need to skip certificate verification to allow Traefik to connect with that certificate.

The insecureSkipVerify configuration will do just this, however please note that it disables verification for all connections, not just for one server.

Thanks, I was aware of that issue with the self-signed cert, but if I use the insecureSkipVerify option the error changes to

"Error calling . Cause: Get : unsupported protocol scheme """

No idea how to solve that.

Hello @cybermcm,

Can you please provide the toml you are currently using, as it seems you have made some modifications from previously posted code snippets.

Thanks!

Thanks for taking a look, @daniel.tomcej.
I tried different URLs for the backend, FQDN and hostname only, same error.

[file]

[frontends]
 [frontends.mail]
  backend = "mail"
  passHostHeader = true
   [frontends.mail.routes]
    [frontends.mail.routes.route0]
     rule = "Host:mail.xyz.net"
   [frontends.mail.auth.forward.tls]
    insecureSkipVerify = true

[backends]
 [backends.mail]
  [backends.mail.servers]
   [backends.mail.servers.server0]
    url = "https://s003"
    weight = 1

level=debug msg="Error calling . Cause: Get : unsupported protocol scheme """

The reason you are seeing this error message is that you have enabled forward authentication but have not provided it a URL to forward the request to. Hence the empty scheme in the error.

[frontends]
 [frontends.mail]
  backend = "mail"
  passHostHeader = true
   [frontends.mail.routes]
    [frontends.mail.routes.route0]
     rule = "Host:mail.xyz.net"
   [frontends.mail.auth.forward.tls] # <-----
    insecureSkipVerify = true # <----- Missing address

An example of what we mean would be this:

insecureSkipVerify = true

[file]

[frontends]
 [frontends.mail]
  backend = "mail"
  passHostHeader = true
   [frontends.mail.routes]
    [frontends.mail.routes.route0]
     rule = "Host:mail.xyz.net"

[backends]
 [backends.mail]
  [backends.mail.servers]
   [backends.mail.servers.server0]
    url = "https://s003"
    weight = 1

This is because insecureSkipVerify is a global setting, not per-frontend or per-backend.

You solved my puzzle!! The setting has to be put in as a global setting, I didn't notice that.
Many thanks, now it is working!