Hello,
In the v2 the static configuration and the dynamic configuration cannot be mixed by default: you have to create 2 files.
The dynamic configuration:
- https://docs.traefik.io/v2.0/getting-started/configuration-overview/#the-dynamic-configuration
- https://docs.traefik.io/v2.0/reference/dynamic-configuration/file/
The static configuration:
- https://docs.traefik.io/v2.0/getting-started/configuration-overview/#the-static-configuration
- https://docs.traefik.io/v2.0/reference/static-configuration/file/
so:
# traefik.toml
# Static configuration
[providers.docker]
exposedByDefault = false
network = "traefik"
defaultRule = ""
[providers.file]
filename = "dynamic.toml"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[certificatesResolvers.default.acme]
email = "certs@captnemo.in"
storage = "/acme/acme.json"
[certificatesResolvers.default.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
# dynamic.toml
# Dynamic configuration
[http.middlewares]
[http.middlewares.everything.redirectScheme]
scheme = "https"
[tcp.routers]
[tcp.routers.forwardtohome]
entryPoints = ["web-secure"]
rule = "HostSNI(`emby.bb8.fun`, `git.captnemo.in`)"
service = "homeserver"
[tcp.routers.forwardtohome.tls]
passthrough = true
[tcp.services]
[tcp.services.homeserver.loadBalancer]
[[tcp.services.homeserver.loadBalancer.servers]]
address = "10.8.0.14:443"
[tls.options]
[tls.options.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
Traefik on TCP only connect a port to another without any interaction with the content of the connection.
Why are you using TCP to handle HTTP?