Use Traefik as a reverse proxy for a MySQL docker container

Traefik Traefik v3 (latest)
,
1

Hi there. I have a docker container with MariaDB exposing port 3306, and a traefik instance on the host system exposing port 3305 and using TLS. I want to redirect the traffic from traefik to the container of MariaDB, so Traefik gets rid of the TLS negotiation and pass plain TCP to MariaDB container. I setup the static and dynamic config files, but when I tried to connect using the approach of the port 3305 the program waits a lot and finally traefik prints this:

ERR github.com/traefik/traefik/v3/pkg/server/router/tcp/postgres.go:32 > Error while Peeking first byte error="read tcp...

this is my static config file:

log:
  level: TRACE
  filePath: "/home/myuser/access.log"

entryPoints:
     mariadb:
       address: ":3305"

providers:
  file:
    filename: "/home/myuser/dynamic.yaml"

and this is my dynamic config file:

tcp:
  routers:
    mysql-router:
      entryPoints:
        - mariadb
      rule: "HostSNI(`*`)"
      service: mariadb
      tls: {}

  services:
    mariadb:
      loadBalancer:
        servers:
          - address: "127.0.0.1:3306"

I have searched in the community and Internet but I can not solve this.

2

How do you provide the TLS cert to Traefik?

3

Hi @bluepuma77. My error I did not copied all the text. This is my complete dynamic config file. Thanks for your time.

tcp:
  routers:
    mysql-router:
      entryPoints:
        - mariadb
      rule: "HostSNI(`*`)"
      service: mariadb
      tls: {}

  services:
    mariadb:
      loadBalancer:
        servers:
          - address: "127.0.0.1:3306"

tls:
  certificates:
    - certFile: /home/myuser/mariadb_certificate/certificate.crt
      keyFile: /home/myuser/mariadb_certificate/private.key
4

Try to set the cert as default in the TLS section (doc).

Make sure your cert is officially valid or load the required parts in the sql client.