I currently have a single docker host with traefik running behind an haproxy instance that routes HTTPS SNI and HTTP hostnames to various destinations, mostly docker.
I’m currently building out a 3 node docker host cluster and want to be able to use the letsencrypt functionality of traefik, which a cursory search indicates this is difficult.
The angle I want to attempt is polling the traefik API on each host for active applications and selecting the backend if it matches the SNI or http host of the incoming connection. Is there a way in httproxy to perform logic on the response of an HTTP check response?
If you have an easy example that’s great, otherwise please point me in the right direction. is this an LUA script? Out of my wheelhouse but can learn
what you want to achieve? route based on different sni names? does each docker host have different sni names / letsencrypt certs (at least domain names)?
Sorry I thought I was more clear, but re-reading my post it’s not.
Here’s a sample state
HAPROXY
/ \
traefik HOST A traefik HOST B
media.domain.com app2.domain.com
app1.domain.com app3.domain.com
When an TLS request come into HAProxy, I want to take the SNI value and query Traefik A and B for a list of registered applications. In an example if the SNI is app3.domain.com, query both traefik api, and if “app3.domain.com” is in the responce array, route the connection to traefik B.
When an HTTP request comes into HAProxy, and matches the .well-known url, also perform the same action. This way a lets-encrypt challange for media.domain.com/.well-known/challange2334 will be routed to traefik A
Currently I have all the basics working when only HOST A is behind HAPROXY, such as SNI routing, .well-known challange routing, but currently the only routing I do is if the app is docker hosted, select traefik backend, if it’s a VM hosted app, route to the VM’s IP backend
I don’t need a fully formed script/config, I just need to know where to start looking on preforming logic on the connection beyond simple rules