If you need to passthrough a visitor data, for example the IP, the LoadBalancer needs to have this . $ sudo vi include /etc/nginx/passthrough.conf; Add the following lines. So I depend on wildcard SSL certs. intermediate_example.com.crt (containing two certificates) example.com.csr (containing one certificate request) I'm using Traefik to host the site, and I've configured Traefik like so in the dynamic.yml config: tls: certificates: - certFile: "certs/example.com.cer" keyFile: "certs/example.com.key" stores: - default The app works if I pass ports directly from the docker container, but not through traefik. . My complete sample is here, but I will post the details below. Here are the links to some common uses of Traefik: Nginx proxy example - connect a basic Nginx proxy to Traefik. Traefik To load balance Oracle WebCenter Portal domain clusters, you can install the ingress-based Traefik load balancer (version 2.2.1 or later for production deployments) and configure it for non-SSL and SSL-based access of the application URL.Follow these steps to set up Traefik as a load balancer for an Oracle WebCenter Portal domain in a Kubernetes cluster: You can test with chrome --disable-http2 My current hypothesis is on how traefik handles connection reuse for http2 After doing all this, I could connect to the site on HTTPS but it kept . SSL passthrough with Traefik - Stack Overflow Traefik 文档,traefik . Server Name Indication (SNI) # I initially found nginx-proxy and docker-letsencrypt-nginx-proxy-companion.This was interesting but wasn't that straight forward to setup. Hence I mounted the "mail.mydomain.tld" in mailcow cert as the traefik default. The first instance that is called outside use has TLSPassthrough enabled and passes all HTTP requests to the another Traefik instance called inside. The Traefik documentation always displays the . It defaults to false. Traefik with docker-compose Add a tls: section to my traefik.yml file to declare the certificate files to Traefik on the path they were bound to in step 1. All traffic will get . For example, if you had Traefik setup on a router at the edge of your network, you could use a Let's encrypt cert to encrypt traffic between your device and Traefik. "Traefik 2.0 tls passthrough with docker ;ab" is published by Nithin Meppurathu. With labels in a compose file. Ultimate Docker Home Server with Traefik 2, LE, and OAuth / Authelia ... Of course, you can instruct prosody to use port 443 directly, but I prefer to keep it like this so I can easily see which connection goes to where. The idea is, o routes to App1 and j.example.com routes to App2, both have ALB with SSL already setup, so using SSL passthrough. To force redirects for Ingresses that do not specify a TLS-block at all, take a look at force-ssl-redirect in ConfigMap. Setting Up Traefik 2 with Local SSL Certificate - kevinquillen.com Traefik is published on ports 80, 443, and 8080 using the swarm ingress so you can connect to any docker node on these ports. support tcp (but there are issues for that on github). Traefik API Gateway for Microservices: With Java and Python ... It is important to note here, that the option passthrough has to be true for the TCP router as otherwise the TLS connection would be terminated by traefik. Importantly, if you forward HTTPS (eg an already existing websecure entrypoint), then traefik itself will attempt to handle encryption.