TCP TLS server with non-TLS TCP router

I have an older application that has no TLS support that needs to make TLS TCP connections to a certain IP. I was hoping to use Traefik v2 for this. Can Traefik listen for TCP connections that don't use TLS, and then make a TLS connection to a backend service? Here's how I was envisioning the configuration:

      entryPoints = ["EntryPoint0"]
      # Catch every request (only available rule for non-tls routers. See below.)
      rule = "HostSNI(`*`)"
      service = "BackendTCPService"
         address = "localhost:8050"
         tls = true

Looking for a similar solution! Is it possible to have a TCP SSL/TLS backend service? Or is this not supported yet?
Best Regards

I ended up not using Traefik to solve this. I used Stunnel. It's not Dockerized and the documentation is a little clunky, but I got it working.
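
What the first post asks for (accept plaintext TCP, originate TLS to the backend) is what stunnel does in client mode. The sketch below is an added example, not code from anyone in this thread: it shows that mechanism in Python with the plaintext listener bound to loopback and the backend's certificate chain and hostname verified before any byte is relayed. The listen address, backend name and port are constructed placeholders.

```python
import asyncio
import ssl

# Assumed addresses for illustration (not from the thread).
LISTEN = ("127.0.0.1", 9000)  # plaintext leg is reachable from loopback only
UPSTREAM = ("backend.example.internal", 8050)  # constructed backend name

def make_upstream_context(cafile=None):
    """TLS client context that verifies the backend's chain and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Already the defaults; pinned here so a later edit cannot silently
    # downgrade the proxy to unauthenticated TLS.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

async def pump(reader, writer):
    """Copy bytes one way until EOF or error, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except (ConnectionError, ssl.SSLError):
        pass
    finally:
        writer.close()

def make_handler(upstream, ctx):
    async def handle(c_reader, c_writer):
        host, port = upstream
        try:
            # The handshake and certificate checks complete before any
            # client byte is relayed, so a failed verification fails closed.
            u_reader, u_writer = await asyncio.open_connection(
                host, port, ssl=ctx, server_hostname=host)
        except (OSError, ssl.SSLError):
            c_writer.close()
            return
        await asyncio.gather(pump(c_reader, u_writer), pump(u_reader, c_writer))
    return handle

async def main():
    server = await asyncio.start_server(
        make_handler(UPSTREAM, make_upstream_context()), *LISTEN)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Pass `cafile` when the backend uses a private CA instead of switching verification off.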

I managed to achieve this. My goal was to place an MQTT broker (RabbitMQ) behind Traefik, so that for a single container I am exposing 3 endpoints: https for management, mqtt for unencrypted TCP traffic and mqtts for encrypted TCP traffic.

Part of traefik.toml:

    address = ":80"
    address = ":443"
    address = ":1883"
    address = ":8883"

And part of docker-compose.yml:

    image: rabbitmq:management
    restart: always
    volumes:
      - ./config/rabbitmq/advanced.config:/etc/rabbitmq/advanced.config:ro
      - ./config/rabbitmq/enabled_plugins:/etc/rabbitmq/enabled_plugins:ro
      - rabbitmq_data:/var/lib/rabbitmq
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.router-broker-mgmt.rule=Host(`broker.${PROXY_BASE_DOMAIN}`)"
      - "traefik.http.routers.router-broker-mgmt.tls=true"
      - "traefik.http.routers.router-broker-mgmt.tls.certresolver=le"
      - "traefik.http.routers.router-broker-mgmt.entrypoints=https"
      - "traefik.http.routers.router-broker-mgmt.service=service-broker-mgmt"
      - ""

      - "traefik.tcp.routers.router-broker-mqtts.rule=HostSNI(`broker.${PROXY_BASE_DOMAIN}`)"
      - "traefik.tcp.routers.router-broker-mqtts.tls=true"
      - "traefik.tcp.routers.router-broker-mqtts.tls.certresolver=le"
      - "traefik.tcp.routers.router-broker-mqtts.entrypoints=mqtts"
      - "traefik.tcp.routers.router-broker-mqtts.service=service-broker-mqtts"
      - ""

      - "traefik.tcp.routers.router-broker-mqtt.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.router-broker-mqtt.entrypoints=mqtt"
      - "traefik.tcp.routers.router-broker-mqtt.service=service-broker-mqtt"
      - ""

You have to play with converting labels into TOML.
