Using HostSNI for HTTPS


I have a docker stack that provides a REST API as well as an authentication service.

The Authentication service requires mTLS for the browser to present a client certificate.

I have a few questions:

  • Does HostSNI even work for HTTP services? I only ever seen it mentioned with TCP but would HTTP request go through ok regardless?
  • Can HostSNI work with PathPrefix? Such that my api looks like:
  • Can all this be configured using docker-compose labels? Or do I need to make a toml?

As far as my experience goes with the routers I've only used HostSNI voor TCP routers.
And that is in my cases useful when the container it self deals with TLS.

Then you get a router setup like:
http route -> https redirect middleware -> tcp router -> container.

The http route matches on Host(
Thee tcp route matches on HostSNI(

And you can combine matchers with && or ||

And all can be configured with labels in docker-compose