TCP router gets F, http router gets A

jmls1 · November 21, 2023, 8:44pm

I have a service that has these labels

labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.${STACK}-app.rule=Host(`${STACK}.${DOMAIN}`)"
      - "traefik.http.routers.${STACK}-app.entrypoints=websecure"
      - "traefik.http.routers.${STACK}-app.tls.certresolver=myresolver"
      - "traefik.http.services.${STACK}-app.loadbalancer.server.port=3000"

when I start this stack, if I use SSL Server Test (Powered by Qualys SSL Labs) to validate, I get a big fat A

I now wanted to add a TCP port in the same server (express) for certain command/control

so I added the labels (to the same container)

      - "traefik.tcp.routers.${STACK}-app.rule=HostSNI(`${STACK}-socket.${DOMAIN}`)"
      - "traefik.tcp.routers.${STACK}-app.entrypoints=websecure"
      - "traefik.tcp.routers.${STACK}-app.tls.certresolver=myresolver"
      - "traefik.tcp.services.${STACK}-app.loadbalancer.server.port=42000"

so the idea is that I'd get 2 hosts stack.domain and stack-socket.domain

system starts, service starts. however, if I visit the ssl site again, I now get a big fat F for the stack-socket.domain host

confused why https is A while TCP is F

Any insights would be most welcome

bluepuma77 · November 22, 2023, 7:10am

You should use different router/service names in the labels for the different targets, not the same ${STACK}-app.

Is the F a result of the reverse proxy and TLS or might that be connected to the target service?

jmls1 · November 22, 2023, 9:45am

thanks. Have updated the service / router names to be unique for the target.

Same result though.

However, I did notice this

which may imply that if I

a) turn off TLS1.2
b) remove the weak ciphers

may fix the problem

I think a) is achievable using the minTls setting
will have to look into b)

bluepuma77 · November 22, 2023, 11:44am

That can both be configured in a dynamic config file, loaded in static config via providers.file.

Every now and then you see it in the posts here.

Topic		Replies	Views
Info and installation improvement Traefik v2 docker , tcp	7	889	November 5, 2023
TCP catch-all router issue Traefik v2 docker-swarm , tcp	12	4003	June 27, 2022
Http2 with http and tcp routers Traefik v2 tcp	2	1047	December 28, 2023
TCP and HTTP/s docker example Traefik v2 docker	0	4503	December 17, 2020
Configure TCP whoamitcp Traefik v2 tcp	6	1761	May 1, 2020

TCP router gets F, http router gets A

Related topics