TLS.passthrough on HTTP Router - how to?

Currently I am using tls.passthrough on TCP routers in order to proxy HTTP backends.

Now I would like to use HTTP middlewares (custom response headers) in front of such HTTP backends, but I cannot, because I am using TCP routers... Is there a way to achieve this using HTTP routers only?

I assume you don’t have any certificates installed in Traefik when using TCP router with pass through.

For Traefik to be able to look into the requests (and modify the headers), you need to enable TLS with Traefik. If you have purchased TLS certs, you can simply add them via dynamic config.

If the internal service port is TLS, I think Traefik will automatically forward the request encrypted. If it's a special cert, you can add the required certificates:

# static config, for all internal connections
serversTransport:
  rootCAs:
    - foo.crt
    - bar.crt
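
The switch described above, written out as a dynamic (file provider) configuration. This is an added example, not part of the original post; the host name, entry point name, file paths, backend URL and header value are assumptions.

```yaml
# BEFORE (assumed current setup): TCP router with passthrough.
# Traefik only sees the SNI name, so HTTP middlewares cannot be attached.
# tcp:
#   routers:
#     app-tcp:
#       rule: "HostSNI(`app.example.com`)"
#       entryPoints: ["websecure"]
#       service: app-tcp
#       tls:
#         passthrough: true
#   services:
#     app-tcp:
#       loadBalancer:
#         servers:
#           - address: "backend.internal:8443"

# AFTER: HTTP router, TLS terminated at Traefik, TLS again to the backend.
http:
  routers:
    app:
      rule: "Host(`app.example.com`)"      # assumed public host name
      entryPoints: ["websecure"]           # assumed entry point name
      middlewares: ["app-headers"]
      service: app
      tls: {}                              # terminate TLS on this router
  middlewares:
    app-headers:
      headers:
        customResponseHeaders:
          X-Example-Header: "example"      # constructed sample header
  services:
    app:
      loadBalancer:
        servers:
          # https:// makes Traefik open a TLS connection to the backend;
          # its certificate is checked against serversTransport.rootCAs
          - url: "https://backend.internal:8443"

# Certificate Traefik presents to clients (assumed paths)
tls:
  certificates:
    - certFile: /certs/app.example.com.crt
      keyFile: /certs/app.example.com.key
```

The `rootCAs` entries in the static config are CA certificates used to verify the backend's certificate; they contain no private key.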

I see, your point makes total sense. I cannot pass through HTTP if Traefik does not know how to "read" the content of the message ... that would basically be a man-in-the-middle attempt :smiley:

So basically you are suggesting to terminate SSL from the client to Traefik and then reopen a secure connection from Traefik to the backend service using the same certificates. In which case the certificate needs to be shared between Traefik and the backend service.

Is my understanding correct?

Thanks for the response.