Traefik and Wireguard / HTTPS redirect for internal hosts

Hi,

I have the following setup: Docker Traefik managing SSL, reverse proxying to multiple Docker services: Nextcloud, Baserow. These services are accessed from the public internet. So https://nextcloud.domain.com, https://baserow.domain.com, etc. Each Docker container / service is also configured on an internal IP network.

I'm trying to set up WireGuard VPN behind Traefik so that when I connect through the VPN client I can still access https://nextcloud.domain.com through the internal IP.

Right now I've got DNS working with the VPN where when you connect to VPN I can ping nextcloud.domain.com and it resolves to the internal IP. I can also browse http://nextcloud.domain.com (internal IP). But I want to be able to browse https://nextcloud.domain.com (over internal) and have Traefik serve up SSL / redirect.

How can I make Traefik redirect the VPN (internal IP) traffic to HTTPS for these services? I've already configured the WireGuard label with UDP and Traefik configuration for UDP port 51820 with no luck. Is there any way to confirm when I connect to the VPN it is actually routing through Traefik?

Any help would be much appreciated. Thanks

Why do you want WireGuard "behind" Traefik? You should be able to have WireGuard in front of Traefik, too, just connect both also to private IPs and let WireGuard supply DNS to clients.

Either behind it or not would be fine. The thing is I want Traefik to serve up HTTPS when it connects through the VPN and those services through internal IP. Like I said, I can get to http://nextcloud.domain.com fine but not HTTPS because it's not routing through Traefik.

Maybe check wg-easy (link), which we use for simple WireGuard VPN.

All domains Traefik LE should create TLS certs for need to exist and be reachable from the Internet. Only more complicated dnsChallenge enables certs without reachable domains.