Traefik letsencrypt dnschallenge workaround with haproxy

Hello everybody,

I am trying to use haproxy to redirect traffic based on the url to different traefic instances in docker containers.

The goal is to overcome shortcomings of traefic in handling multiple dns challenge configurations within one instance.

My problem:

The goal:

Thank you very much for any help with this!

Configurations and Setup:

The setup looks like this:

                             |          |
+----------------------+     | ATraefik |
|                      |     |          |
| +<--->+----------+
|haproxy               |
| +<--->+----------+
|                      |     |          |
+----------------------+     | BTraefik |
                             |          |


frontend https_in
    bind *:443

    acl host_a hdr(host) -i
    acl host_b hdr(host) -i   

    use_backend a_websecure if host_a
    use_backend b_websecure if host_b

backend a_websecure
    server a_traeifk a_traefik:444

backend b_websecure
    server b_traeifk b_traefik:445


      - --log.level=DEBUG
      - --api
      - --entryPoints.web.address=:81
      - --entryPoints.websecure.address=:444
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false

It does not sound to me that you can solve this problem in traedfik level. If you use two traefik instances on the same box they cannot be exposed via the same 443 port. So my suggestions:

  • Find out if it's possible to configure on haProxy side, and if yes, follow their advise on how to do it
  • Or; Configure that box network to have multiple ip address and assign each container to it's own ip address. This way you will be able to use 443 for both traefik instances. I have never done this, but cursory googling indicates that this might be possible.

Good luck!
PS. For future readers, the issue with DNS challenges, that OP is referring to is this one:

1 Like

Thank you very much for your quick reply. I will try to solve the issue on the haproxy side. If I find a solution I will report back here, as the dnschallenge setup seems to be a topic of interest for mor people.

Thank you very much for your quick reply. I will try to follow your advice.

@nando did you get this working? when i try i get 522 errors