Using HostSNI for HTTPS

ImVexed · April 1, 2020, 9:58pm

Hello,

I have a docker stack that provides a REST API as well as an authentication service.

The Authentication service requires mTLS for the browser to present a client certificate.

I have a few questions:

Does HostSNI even work for HTTP services? I only ever seen it mentioned with TCP but would HTTP request go through ok regardless?
Can HostSNI work with PathPrefix? Such that my api looks like:
- domain.com/api -> backend container not mTLS
- domain.com/pki -> authentication container with mTLS
Can all this be configured using docker-compose labels? Or do I need to make a toml?

lars · April 2, 2020, 12:16pm

As far as my experience goes with the routers I've only used HostSNI voor TCP routers.
And that is in my cases useful when the container it self deals with TLS.

Then you get a router setup like:
http route -> https redirect middleware -> tcp router -> container.

The http route matches on Host(my.host)
Thee tcp route matches on HostSNI(my.host)

And you can combine matchers with && or ||

And all can be configured with labels in docker-compose

Topic		Replies	Views
Forward http(s) traffic not matching SNI to outside Traefik v2 (latest) docker	2	349	June 2, 2023
TCP Router Priority Traefik v2 (latest) docker , tcp	9	2190	September 21, 2022
Catch-all for all https traffic into one container? Traefik v2 (latest) docker	3	489	June 16, 2023
How to route requests directly to server IP to docker container only if it doesn't match existing host rules? Traefik v2 (latest) docker	1	670	July 28, 2020
Different container behind "/" and "/api/" - how? Traefik v2 (latest) docker	10	1421	September 12, 2020

Using HostSNI for HTTPS

Related Topics