Comments (3)
Hi @georglauterbach,
Unfortunately I didn't had the time to look at it before. Just starting to reproduce the issue on my side and Iw will come back to you.
from traefik.
Hi @geoffgarside,
I gave it a try and I have the same behaviour between Traefik v2.10.7 and Traefik v3.0.1.
- Test 1
- sniStrict set to true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: subdomain
spec:
entryPoints: [ websecure ]
routes:
- kind: Rule
match: Host(`subdomain.mydomain.test`)
services:
- name: someservice
namespace: some-namespace-not-ingress
port: http
scheme: http
tls:
store:
name: default
namespace: ingress
Result: Connection closed
- Test 2
- sniStrict set to true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: subdomain
spec:
entryPoints: [ websecure ]
routes:
- kind: Rule
match: Host(`subdomain.mydomain.test`)
services:
- name: someservice
namespace: some-namespace-not-ingress
port: http
scheme: http
tls:
secretName: cloudflare-origin-certificate # define a secret name to load the certificate in traefik because the when sniStrict is set to true, traefik will verify certificates loadded but not default certificate.
store:
name: default
namespace: ingress
Result: It works
- Test 3
- sniStrict set to false
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: subdomain
spec:
entryPoints: [ websecure ]
routes:
- kind: Rule
match: Host(`subdomain.mydomain.test`)
services:
- name: someservice
namespace: some-namespace-not-ingress
port: http
scheme: http
tls:
store:
name: default
namespace: ingress
Result: It works
With sniStrict
option set to true, Traefik will check certificates that have been loaded and will not check the default certificate.
Doc reference:
With strict SNI checking enabled, Traefik won't allow connections from clients that do not specify a server_name extension or don't match any of the configured certificates. The default certificate is irrelevant on that matter.
It the same behaviour in v2.10
This behaviour has been introduced in Traefik v1.7 and has never been changed since the merge of the PR.
I unassigned myself to have the issue popping during the next triage and be able to discuss with other maintainers about it.
from traefik.
@mmatur any progress on this one?
from traefik.
Related Issues (20)
- Traefik memory leak HOT 3
- http 3 does not work as expected on tcp backend service. HOT 3
- using more than one env_file will loose the content of the second on HOT 1
- flutter grpc clinent request error 500 HOT 1
- Set route priority in HTTP Route HOT 1
- Suppress error log when gateway is created on v3.1rc HOT 1
- Nested traefik instances with "remote error: tls: unrecognized name" HOT 3
- defaultRule migrate from v2 to v3 ("error while adding rule Host: unexpected number of parameters; got 2, expected one of [1]) HOT 2
- "A new release has been found: 3.0.4. Please consider updating." Doesn't reference Traefik HOT 8
- Latest release in github currently points to a release candidate v3.1.0-rc3 HOT 1
- Bad UX in documentation banner images ` HOT 2
- Default Certificate Overridden by Team-Specific Secret with Same Cert but Incomplete Chain in IngressRoute HOT 6
- Provide JSON scheme for new Traefik v3 TOML formatting HOT 1
- File provider parsing errors should be limited to a single file HOT 2
- ServiceURL format in access logs HOT 1
- v3.x prometheus metrics returns wrong service name exclusively for the 'traefik_service_server_up' metric. HOT 1
- Error logs when kubernetes endpoints are scaled down to 0 HOT 6
- A way that allows active closing of connections, similar to the 444 status code in nginx HOT 2
- Authorisation header gets added to every second request
- Traefik Ingress Controller Fails with 404 errors due to plugin download failure HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from traefik.