Traefik behind Traefik

muebau · March 12, 2022, 5:38pm

Hello,
I have a Traefik up and running wth docker, LetsEncrypt, etc.. There are several containers working with HTTPs like Protainer, Dashboard@traefik.

I am very happy with that.

The problem comes with some (internal) servers connected via Wireguard. As I start to like Traefik there is a Traefik on every server. This servers work great and (would) do their LetsEncrypt on their own. Some servers are out of my reach but all do port 80 (HTTP), 443/TCP (HTTPS=>HTTP2) and soon 443/UDP (HTTP3).

In short:
What to do if there is a full server with HTTP/HTTP2/HTTP3 and LetsEncrypt behind a Traefik?

Question:
How can I write rules to:

direct any request on entrypoint (80/HTTP) to some docker container (wireguard container, for some domain name) WITHOUT touching it (HTTPS redirect) to allow LetsEncrypt somewhere else?
pass-through ALL TLS traffic for some domain to the container? <= I think I got this one working
pass-through ALL TLS UDP traffic like in "2." but this time for HTTP3?

I hope I was able to explain the main idea.

Best regards
muebau

s1111um · April 6, 2023, 5:54am

We might be searching for a similar solution:
Traefik -> TCP -> Traefik

Topic		Replies	Views
(Potential) problems by letting Traefik handle https and using http to the backend Traefik v2 docker , letsencrypt-acme	2	1963	November 21, 2022
Traefik and Wireguard / HTTPS redirect for internal hosts Traefik v2 docker , udp	3	2466	January 14, 2024
TLS with letsencrypt for TCP to Mongo? Traefik v2 docker , letsencrypt-acme , tcp	5	2482	December 5, 2023
Info and installation improvement Traefik v2 docker , tcp	7	758	November 5, 2023
Why does Traefik allow unencrypted HTTP over port 443? Traefik v2 tcp	8	1318	July 20, 2023

Traefik behind Traefik

Related topics