Traefik Labs Community Forum

Traefik tcp router without tls

Traefik Traefik v2

iali April 28, 2024, 8:53pm 1

Hi, I would like to ask for info, maybe already requested, but I can't find solution.

I need to install several instances of postgres, mysql with docker compose and make them reachable via traefik.

if i create tcp router with HostSNI('*') it is not good, as each instance needs to be reached with domain name.

if i instead make the tcp router with Host('xxx.yy.com') and enable tls is not good, as the various applications that will connect from the outside to traefik to use the db, do not have the ability to conect to the db in ssl.

is there any way to make the various instances reachable from outside traefik without ssl?
Thx!

bluepuma77 April 29, 2024, 7:24am 2

No, it’s not possible.

A TCP/IP connection has a source and target IP. The client resolves a domain name to an IP address and connects to it to a port.

Protocols on top like TLS and http send the original requested domain name along, so a proxy can recognize the domain.

But SSH and databases usually do not use TLS, so you can find out the target domain from the incoming connection.

Workarounds: use different ports per service or different IP addresses (servers can have multiple).

Topic		Replies	Views	Activity
Traefik v2.0: Help setting up TCP w/TLS for MySQL Traefik v2 docker , tcp	4	3624	August 12, 2021
Traefik with TCP Routing for Postgres Docker Container Traefik v2 docker , file , tcp	0	580	May 2, 2022
TCP TLS server with non-TLS TCP router Traefik v2 file , tcp	6	5301	June 9, 2023
Problem enabling tcp router to postgres Traefik v2 tcp	0	1070	January 30, 2020
Help in TCP configure of traefik mapped postgresql container - hostSNI Traefik v2 docker	6	7002	February 16, 2022