TLS Pasthrough not working

Traefik Traefik v2
,
1

Hi, I created a TLS router with TLS passthrough as follows
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: test
namespace: test-qa
spec:
entryPoints:

  • websecure
    routes:
  • match: HostSNIRegexp({subdomain:[a-zA-Z0-9-]+}\.test\.com$)
    services:
    • name: test
      namespace: test-qa
      port: 8080
      tls:
      passthrough: true

When i curl my website curl -v https://domain1.test.com/api/test/v1/ I see 404 page not found error. In traefik logs I see the following
time="2024-04-01T12:14:45Z" level=debug msg="Serving default certificate for request: "domain1.test.com""

10.245.5.0 - - [01/Apr/2024:12:14:45 +0000] "GET /api/test/v1/ HTTP/2.0" 404 19 "-" "-" 22201 "-" "-" 0ms

couple of questions here -

  1. I am not sure if traefik is forwarding just the path to the backend and getting 404 or is it passing the host+path to the backend and getting 404. I don't see any access logs on my backend envoy running on port 8080...
  2. I don't see this TCProuter on traefik dashboard where as i see the other HTTP routers I have.
2

From Traefik Docker I know you can set access log to JSON format to see differentiated OriginStatus (from target) and DownstreamStatus (from Traefik).

3

I was able to fix the 2nd issue above by adding annotations of ingress controller on my ingressroutetCP resource.

I still see 404 page not found errors. Instead of using HostSNIRegexp({subdomain:[a-zA-Z0-9-]+}\.test\.com$), I updated to HostSNI(*) and I was able to hit the backend successfully. Not sure why it is not working with domain name? Any idea @bluepuma77

4

No idea, not a fan of Traefik regex.

5

HostSNIRegexp({subdomain:[a-zA-Z0-9-]+}.test.com ) this worked