I have an older application that has no TLS support that needs to make TLS TCP connections to a certain IP. I was hoping to use Traefik v2 for this. Can Traefik listen for TCP connections that don't use TLS, and then make a TLS connection to a backend service? Here's how I was envisioning the configuration:

    [tcp]
      [tcp.routers]
        [tcp.routers.FrontendTCPRouter]
          entryPoints = ["EntryPoint0"]
          # Catch every request (only available rule for non-tls routers. See below.)
          rule = "HostSNI(`*`)"
          service = "BackendTCPService"
      [tcp.services]
        [tcp.services.BackendTCPService.loadBalancer]
          [[tcp.services.BackendTCPService.loadBalancer.servers]]
            address = "localhost:8050"
            tls = true

I ended up not using Traefik to solve this. I used Stunnel. It's not Dockerized and the documentation is a little clunky, but I got it working. https://www.stunnel.org
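
For readers taking the stunnel route mentioned above, a minimal client-mode configuration is sketched here as an added example; it is not the poster's actual config. The service name, listen address, backend host and port, and CA file path are placeholders. The verification options are included because stunnel does not check the server certificate unless told to, which would leave the outbound TLS leg open to interception.

```ini
; stunnel.conf - added example, all names and addresses are placeholders
; Runs in the foreground so it can be supervised by systemd or similar.
foreground = yes

[legacy-app-to-tls]
; Client mode: accept plaintext, originate TLS to the backend.
client = yes

; Plaintext listener for the legacy application. Bind to loopback only,
; since anything that can reach this port gets an unauthenticated path
; to the backend.
accept = 127.0.0.1:8050

; TLS backend (placeholder host and port).
connect = backend.example.internal:443

; Verify the backend certificate chain against a trusted CA bundle
; and require the certificate to match the expected host name.
verifyChain = yes
CAfile = /etc/stunnel/backend-ca.pem
checkHost = backend.example.internal
```

The legacy application is then pointed at the `accept` address instead of the backend.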
I managed to achieve this. My goal was to place an MQTT broker (RabbitMQ) behind Traefik, so that for a single container I am exposing 3 endpoints: https for management, mqtt for unencrypted TCP traffic and mqtts for encrypted TCP traffic.