Use TLS passthrough

2025-12-24 21:57:55 +01:00
parent 82f6d992af
commit 35ff8b4697
2 changed files with 20 additions and 7 deletions
--- a/dev/route-to-staging-dev.yaml
+++ b/dev/route-to-staging-dev.yaml
@@ -8,14 +8,27 @@ http:
      service: "dev-staging"
      priority: 1000000

-    # Router for HTTPS (Port 443)
+    # # Router for HTTPS (Port 443)
+    # staging-secure:
+    #   rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+    #   entryPoints:
+    #     - "https"
+    #   service: "dev-staging-secure"
+    #   priority: 100
+    #   tls: {} # <--- This enables TLS for this router
+
+tcp:
+  routers:
+    # Router for HTTPS (Passthrough)
    staging-secure:
-      rule: "Host(`staging.kovagoadi.hu`) || Host(`dev.kovagoadi.hu`)"
+      rule: "HostSNI(`staging.kovagoadi.hu`) || HostSNI(`dev.kovagoadi.hu`)"
+      service: "staging-secure"
+      # Passthrough must be true for SSL to reach Nginx encrypted
+      tls:
+        passthrough: true
+      priority: 100
      entryPoints:
        - "https"
-      service: "dev-staging-secure"
-      priority: 100
-      tls: {} # <--- This enables TLS for this router

  services:
    dev-staging:
@@ -27,4 +40,4 @@ http:
      loadBalancer:
        servers:
          # Note: Ensure Traefik trusts the cert at .85 or set insecureSkipVerify
-          - url: "https://192.168.1.85:445"
+          - address: "192.168.1.85:445"
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,5 +1,5 @@
 services:
-  traefik4:
+  traefik5:
    image: "traefik:v3.6@sha256:67622638cd88dbfcfba40159bc652ecf0aea0e032f8a3c7e3134ae7c037b9910"
    restart: unless-stopped
    security_opt: