Traefik 2.9.x and Unifi-Controller as backend - internal server error 500

Hi guys,

first post here, so please be nice :wink:

I'd like to use traefik as reverse proxy for all of my docker containers and one of them is my unifi-controller.

The challenge is that the certificate issued by the unifi-controller itself is not trusted as the CA of this certificate is not known to traefik. Thus, the debug log of traefik always states:

level=debug msg="'500 Internal Server Error' caused by: tls: failed to verify certificate: x509: cannot validate certificate for 10.200.0.30 because it doesn't contain any IP SANs"

The certificate which I have created for unifi.mydomain.xyz includes both the DNS name and the IP address which I assigned in my docker-compose.yaml file, but it didn't fix the issue (it is caused by the backend and not by my certificate).

There are several approaches and a lot of topics which I checked in advance before this post. The option which I'd like to get working is insecureSkipVerify.

As I understand it, you cannot use this option as a label per service?
The option can be used as provider and as router/LB option according to the traefik documentation. I tried to configure both as global parameter for my traefik container itself, but no success with both options. The error message remains as shown above.

How is it possible to skip the verification so that my unifi-controller can be proxied with traefik?

Thanks.

Cheers
P4SQL

You can either set insecureSkipVerify globally in static config for all request forwards to target services, or you define a serverTransport with insecureSkipVerify and assign it to your service. (Docs, docs)
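
The two options from the answer above, written out as an added example (not taken from either post or from the Traefik documentation). The transport names, file paths, service name `unifi` and port 8443 are assumptions; the host name comes from the question. Option B is a verified alternative to skipping verification and assumes the controller's certificate carries the DNS name `unifi.mydomain.xyz`.

```yaml
# --- traefik.yml (static configuration) ---
# Global variant: turns off backend certificate verification for EVERY
# service Traefik forwards to, so it is left commented out here.
# serversTransport:
#   insecureSkipVerify: true

providers:
  docker: {}
  file:
    filename: /etc/traefik/dynamic.yml        # assumed path

---
# --- /etc/traefik/dynamic.yml (dynamic configuration, file provider) ---
http:
  serversTransports:
    # Option A: skip verification, but only for the service that
    # references this transport.
    unifi-insecure:
      insecureSkipVerify: true

    # Option B: keep verification on. serverName makes Traefik check the
    # backend certificate against this DNS name instead of the container
    # IP, which avoids the "doesn't contain any IP SANs" error.
    unifi-verified:
      serverName: unifi.mydomain.xyz
      rootCAs:
        - /etc/traefik/certs/unifi-ca.pem     # assumed path to the CA / self-signed cert

---
# --- docker-compose.yaml (labels on the unifi-controller container) ---
services:
  unifi-controller:
    labels:
      - "traefik.http.services.unifi.loadbalancer.server.scheme=https"
      - "traefik.http.services.unifi.loadbalancer.server.port=8443"
      # Reference the transport defined by the file provider (note @file).
      - "traefik.http.services.unifi.loadbalancer.serverstransport=unifi-insecure@file"
```

With the per-service transport, the connection between Traefik and every other backend is still verified; only the hop to the controller is exempt.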