Hello everyone,
I haven't been on Traefik for long (a few months), but I really like the concept, the ease of use and the granularity of configuration, with the middleware placed directly in the router configuration.
Today, however, I have some questions. I am in the process of installing ZTN (Zero Trust Network) on my network, and I am trying to pass requests through Traefik, which I managed to do successfully thanks to a TCP router! My problem is that in the TCP router configuration we cannot activate the middleware (except two, which do not interest me at all for network security).
In this post, "Host and HostSNI", it is indicated that HostSNI would be configurable via HTTPS, but unfortunately I did not succeed:

```
invalid rule HostSNI(MYDOMAINE.NET), error: error while parsing rule HostSNI(MYDOMAINE.NET): unsupported function: HostSNI
```
Could I be wrong somewhere? My goal is to be able to secure access to my ZTN thanks to middleware; otherwise, if that is not possible, there is no point in putting it on a reverse proxy and I might as well provide the granularity on the firewall.
Here is the config that works with the TCP router:
```yaml
tcp:
  routers:
    # Routed on the TLS SNI only; the TLS stream is passed through unmodified
    ziti-controller:
      entryPoints:
        - "websecure"
      rule: "HostSNI(`HOST0.DOMAINE.NET`)"
      service: ziti-controller-service
      tls:
        passthrough: true
    ziti-router:
      entryPoints:
        - "websecure"
      rule: "HostSNI(`HOST1.DOMAINE.NET`)"
      service: ziti-router-service
      tls:
        passthrough: true
  services:
    ziti-controller-service:
      loadBalancer:
        servers:
          - address: "192.168.X.X:443"
    ziti-router-service:
      loadBalancer:
        servers:
          - address: "192.168.X.X:443"
```