I have two services: abc.com (app1, a financial app) and cde.com (app2, a single-page app).
abc.com (app1) needs to do mTLS, but cde.com (app2) does not.
I'm using EasyPanel to manage my services.
EasyPanel only permits changes in custom.yaml.
My code from custom.yaml:
tls:
  certificates:
    - certFile: data/abc-crt.pem
      keyFile: data/abc-key.pem
    - certFile: data/cde.pem
      keyFile: data/cde.key
  options:
    default:
      minVersion: VersionTLS12
      clientAuth:
        caFiles:
          - data/abc-ca-crt.pem
        clientAuthType: RequireAndVerifyClientCert
Now when I access abc.com, it requests my certs for auth and works fine. But when I access cde.com, it also requests the cert, and I don't need this.
How can I solve this?
I tried this in custom.yaml:
http:
  routers:
    abc:
      tls:
        options: optABC
      rule: Host(`abc.com`)
      service: svc-abc
      entryPoints:
        - https
    api-jdns:
      tls:
        options: optCDE
      rule: Host(`cde.com`)
      service: svc-cde
      entryPoints:
        - https
  services:
    svc-abc:
      loadBalancer:
        servers:
          http://abc:80
    svc-cde:
      loadBalancer:
        servers:
          http://cde:80
tls:
  options:
    optABC
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      minVersion: VersionTLS12
      sniStrict: true
      clientAuth:
        caFiles:
          - data/ABC-ca-crt.pem
        clientAuthType: RequireAndVerifyClientCert
    optCDE:
      clientAuth:
        clientAuthType: NoClientCert
  certificates:
    - certFile: data/abc-cert.pem
      keyFile: data/abc-key.key
    - certFile: data/cde-cert.pem
      keyFile: data/cde-key.key
In this case, abc.com and cde.com do not request a certificate. All domains work normally.
I need abc.com to be restricted; only those who have the CA certificate and client certificates should be able to enter.
If I change the TLS options in abc to default, both domains ask for a certificate, not just one.
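
An added example, not part of the original post: a small checker that reports which TLS options and `clientAuthType` each `Host()` name ends up with, using Traefik's documented rules that a TLS router without `tls.options` uses `default` and that conflicting options for one host fall back to `default`. The function name `effective_client_auth` and the dict layout are assumptions; the sample dict is constructed from the second custom.yaml above.

```python
import re

# Constructed sample: the routers and TLS options from the second custom.yaml,
# written as the dict a YAML parser would produce from a well-formed file.
CONFIG = {
    "http": {"routers": {
        "abc": {"rule": "Host(`abc.com`)", "tls": {"options": "optABC"}},
        "api-jdns": {"rule": "Host(`cde.com`)", "tls": {"options": "optCDE"}},
    }},
    "tls": {"options": {
        "optABC": {"clientAuth": {"caFiles": ["data/ABC-ca-crt.pem"],
                                  "clientAuthType": "RequireAndVerifyClientCert"}},
        "optCDE": {"clientAuth": {"clientAuthType": "NoClientCert"}},
    }},
}

# Auth types that validate the client chain and therefore need caFiles.
VERIFYING = ("VerifyClientCertIfGiven", "RequireAndVerifyClientCert")

def effective_client_auth(config):
    """Return {host: (options_name, clientAuthType, [warnings])} (hypothetical helper)."""
    options = (config.get("tls") or {}).get("options") or {}
    routers = (config.get("http") or {}).get("routers") or {}
    chosen = {}  # host -> set of option names its routers reference
    for router in routers.values():
        tls = router.get("tls")
        if tls is None:
            continue  # not a TLS router, no TLS options apply
        name = tls.get("options", "default")  # no tls.options means "default"
        for args in re.findall(r"Host\(([^)]*)\)", router.get("rule", "")):
            for host in re.findall(r"`([^`]+)`", args):
                chosen.setdefault(host, set()).add(name)
    report = {}
    for host, names in sorted(chosen.items()):
        warnings = []
        name = next(iter(names))
        if len(names) > 1:  # Traefik resolves such conflicts to "default"
            name = "default"
            warnings.append("routers disagree on options; default is used")
        if name != "default" and name not in options:
            warnings.append(f"options '{name}' is not defined")
        auth = (options.get(name) or {}).get("clientAuth") or {}
        kind = auth.get("clientAuthType", "NoClientCert")
        if kind in VERIFYING and not auth.get("caFiles"):
            warnings.append("client certificates are verified but caFiles is empty")
        report[host] = (name, kind, warnings)
    return report
```

Run on a dict built from the first custom.yaml (client auth under `default`, routers without `tls.options`), it reports `RequireAndVerifyClientCert` for every host, which matches the first symptom described.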