From 35ff8b46978173d452fd2cde01837cd1a2142a95 Mon Sep 17 00:00:00 2001
From: kovagoadi
Date: Wed, 24 Dec 2025 21:57:55 +0100
Subject: [PATCH] Use TLS passthrough
---
 dev/route-to-staging-dev.yaml | 25 +++++++++++++++++++------
 docker-compose.yaml | 2 +-
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/dev/route-to-staging-dev.yaml b/dev/route-to-staging-dev.yaml
index 51fef4f..c06a442 100644
--- a/dev/route-to-staging-dev.yaml
+++ b/dev/route-to-staging-dev.yaml
@@ -8,14 +8,27 @@ http:
 service: "dev-staging"
 priority: 1000000
- # Router for HTTPS (Port 443)
+ # # Router for HTTPS (Port 443)
+ # staging-secure:
+ # rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+ # entryPoints:
+ # - "https"
+ # service: "dev-staging-secure"
+ # priority: 100
+ # tls: {} # <--- This enables TLS for this router
+
+tcp:
+ routers:
+ # Router for HTTPS (Passthrough)
 staging-secure:
- rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+ rule: "HostSNI(`staging.kovagoadi.hu`) || HostSNI(`dev.kovagoadi.hu`)"
+ service: "staging-secure"
+ # Passthrough must be true for SSL to reach Nginx encrypted
+ tls:
+ passthrough: true
+ priority: 100
 entryPoints:
 - "https"
- service: "dev-staging-secure"
- priority: 100
- tls: {} # <--- This enables TLS for this router
 services:
 dev-staging:
@@ -27,4 +40,4 @@ http:
 loadBalancer:
 servers:
 # Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify
- - url: "https://192.168.1.85:445"
\ No newline at end of file
+ - address: "192.168.1.85:445"
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 565bfb9..20020e2 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,5 +1,5 @@
 services:
- traefik4:
+ traefik5:
 image: "traefik:v3.6@sha256:67622638cd88dbfcfba40159bc652ecf0aea0e032f8a3c7e3134ae7c037b9910"
 restart: unless-stopped
 security_opt:
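Review bot: The new TCP router in the first hunk sets `service: "staging-secure"`, which is the router's own name, while the removed HTTP router pointed at `dev-staging-secure`; the service key above the `loadBalancer` in the second hunk lies outside the diff, so if it was not renamed this router has no backend and the line should read `service: "dev-staging-secure"`. Because `tcp:` is inserted above the router, the unchanged `services:` block appears to fall under `tcp:` as well, which would leave the port-80 HTTP router's `dev-staging` service undefined under `http:`; indentation is not visible here, so confirm by loading the file and checking Traefik's log for provider errors. With passthrough, Traefik no longer terminates TLS for these hosts, so any HTTP middlewares or TLS options configured elsewhere stop applying and Nginx at 192.168.1.85:445 alone enforces protocol versions and access control. The eight commented-out lines of the old router are better deleted than kept, since git history already holds them.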
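Review bot: The context comment `# Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify` in the second hunk is stale once the server entry becomes a TCP `address`: with `passthrough: true` Traefik never sees or verifies the backend certificate, and clients validate whatever Nginx presents. Replace it with something like `# Passthrough: clients validate the cert served by .85; it must cover staging/dev.kovagoadi.hu`. Nginx will also see Traefik's address as the peer unless PROXY protocol is enabled on both sides, which matters for access logs and any IP-based allow lists. The service definition starts above this hunk.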