Stop serving default cert when connecting to IP without DNS name

Traefik Traefik v1
,
1

Hi there,

We have a GCP GKE setup with traefik as our ingress controller.

The problem is that when we hit (http GET) the IP of our LB, traefik responds with the TRAEFIK DEFAULT CERT (Self signed root certificate).

Can we configure traefik so that it doesn't respond at all, or at least it responds without an invalid certificate?

If neither of these are possible, can we stop it from redirecting to https connections?

2

@sirodoht,

You can either enable strict SNI mode:

(https://docs.traefik.io/v1.7/configuration/entrypoints/#strict-sni-checking)

or configure a default certificate that is served instead of the traefik certificate:

(https://docs.traefik.io/v1.7/configuration/entrypoints/#default-certificate)

1 Like