I am trying to set up a test system with two domains. Say, server1.com and server2.com. I define the secure entryPoint, define one router and one service - a simple loadBalancer with just one URL. When I hit the endpoint like this:
`$ curl -k https://server1.com/` or `$ curl -k https://server2.com/`
Everything works alright. The requests are forwarded to my service and I see the X-Forwarded-Host header with server1.com or server2.com.
The problem comes if I do this:
`$ curl -k -H "host: server2.com" https://server1.com`
Now I still get the X-Forwarded-Host with server2.com, but I have no indication that the TLS connection was made for server1.com.
Is there any way to pass this information to my service? This is an important thing to know for my application.
I use the 'passTLSClientCert' middleware to pass on client certificate details. If I could pass on the server cert used, my problem would be solved too.
Here is my static YAML for Traefik:
```yaml
entryPoints:
  web:
    address: ":8123"
  websecure:
    address: ":8124"
    http2:
      maxConcurrentStreams: 250
  traefik:
    address: ":8082"
log:
  level: TRACE
accessLog: {}
api:
  insecure: true
  dashboard: true
  debug: true
providers:
  file:
    filename: /etc/traefik/dyn-config.yaml
    watch: true
```
And my dynamic YAML:
```yaml
http:
  routers:
    router1:
      rule: "Path(`/`)"
      service: service1
      tls: true
      entryPoints:
        - "websecure"
      middlewares:
        - "sendclientcert"
    router2:
      rule: "Path(`/`)"
      service: service1
      tls: false
      entryPoints:
        - "web"
  services:
    service1:
      loadBalancer:
        servers:
          - url: "http://my-server:5555"
  middlewares:
    sendclientcert:
      passTLSClientCert:
        pem: true
        info:
          serialNumber: true
          subject:
            commonName: true
            serialNumber: true
          issuer:
            commonName: true
            serialNumber: true
tls:
  certificates:
    - certFile: "/etc/traefik/our-keys/server1-cert.pem"
      keyFile: "/etc/traefik/our-keys/server1-key.pem"
      stores:
        - default
    - certFile: "/etc/traefik/our-keys/server2-cert.pem"
      keyFile: "/etc/traefik/our-keys/server2-key.pem"
      stores:
        - default
  options:
    default:
      clientAuth:
        clientAuthType: RequireAnyClientCert
```
And I use this shell script to run the Traefik image for testing - I don't use docker-compose:
```bash
docker run \
  -it \
  --rm \
  --name traefik \
  --mount type=bind,source=/my/test/setup,target=/etc/traefik,readonly \
  --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly \
  --hostname traefik \
  --network host \
  -m 2g \
  traefik \
  --configFile=/etc/traefik/static-config.yaml
```
Thanks.
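Added example, not part of the post above and not Traefik's own code: the backend-side checks that address the mismatch the post describes. Because X-Forwarded-Host is derived from the client's Host header, the service behind Traefik can only pin it to the virtual hosts it actually serves; the SNI-versus-Host comparison itself has to run wherever both values are available (the TLS terminator). The allowlist and header values are constructed for the example, and it assumes Traefik is the only hop setting X-Forwarded-Host.

```python
from typing import Iterable, Mapping, Optional, Tuple

# Constructed for this example: the virtual hosts this backend is willing to serve.
ALLOWED_VHOSTS = frozenset({"server1.com", "server2.com"})


def normalize_host(value: Optional[str]) -> Optional[str]:
    """Canonicalise a Host / SNI / X-Forwarded-Host value: strip whitespace and any
    :port, lower-case, drop a trailing dot. Returns None for empty or malformed
    input so two bad values never compare as 'equal'."""
    if value is None:
        return None
    host = value.strip().lower()
    if host.startswith("["):                    # IPv6 literal such as [::1]:443
        host = host.split("]", 1)[0][1:]
    else:
        host = host.split(":", 1)[0]
    host = host.rstrip(".")
    if not host or any(c in host for c in ' \t/\\@"'):
        return None
    return host


def check_forwarded_host(headers: Mapping[str, str],
                         allowed: Iterable[str] = ALLOWED_VHOSTS) -> Tuple[bool, str]:
    """Accept a request only if every X-Forwarded-Host value names a vhost this
    backend serves. The header may be comma-joined when several proxies append to
    it, so each part is checked and the parts must agree.
    Assumption: only Traefik sets this header (client copies are not trusted)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-forwarded-host")
    if not raw:
        return False, "missing X-Forwarded-Host"
    parts = [normalize_host(p) for p in raw.split(",")]
    if any(p is None for p in parts):
        return False, "malformed X-Forwarded-Host"
    if len(set(parts)) != 1:
        return False, "conflicting X-Forwarded-Host values: " + ",".join(parts)
    host = parts[0]
    if host not in {normalize_host(a) for a in allowed}:
        return False, "unexpected host %r" % host
    return True, host


def sni_matches_host(sni: Optional[str], host_header: Optional[str]) -> bool:
    """The comparison the post is after, at the tier that sees both values: the name
    TLS was negotiated for (SNI) must equal the name the HTTP Host header asks for.
    curl -H "host: server2.com" https://server1.com gives sni=server1.com,
    host=server2.com and is rejected; a missing SNI is rejected as well."""
    s, h = normalize_host(sni), normalize_host(host_header)
    return s is not None and s == h
```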