does traefik support complete ssl pass-through?

[deitch]

I have been trying to figure out, perhaps with InsecureSkipVerify, if traefik can support complete ssl pass-through. Basically, can it act as an unintelligent proxy, without attempting to terminate SSL from the client and then open a new connection to the backend? (if you prefer, can traefik operate without being a MITM?)

I am looking to communicate from clients to multiple backends. Traefik is great for unifying the front-ends, providing dynamic updates, etc. But the clients have the CA cert for the backends, they have client certs to authenticate against the backends, just want traefik to provide load-balancing (and some degree of HA, assuming dynamic config backend that is updated) without attempting to terminate each end of the SSL.

Can it?

[floriankammermann]

We have a similar case. The backend and the client authenticate over Two-way SSL. We have no control over the used SSL certificates. The only thing we can influence is the SNI. So we need SSL passthrough and routing based on the SNI Information.

[deitch]

@floriankammermann I couldn't find a way. We are using it as an IngressController for kubernetes, so for now we are using traefik for inbound http or terminated https, and nginx with the stream option to pass through tcp for anything that should not be terminated. Love to unify on traefik, but perhaps over time.

[ldez]

Closed by #1446