Originally, I used the following backends:
[backends] [backends.api] [backends.api.servers.endpoint] url = "https://Api:11443"
The DNS name
Api resolves to several web servers, and those servers are signed with a self signed cert. Now, we're switching over to the Service Fabric provider. This provider automatically configures the backend pool:
So, now Traefik knows all the IP addresses of the VMs running that service and doesn't need DNS. The problem is, those servers use an SSL cert signed for "Api", not the IP address. We we make a request, we get the error:
DEBU[2019-09-27T20:22:07-07:00] '500 Internal Server Error' caused by: x509: cannot validate certificate for 10.111.12.8 because it doesn't contain any IP SANs
Is there any way around this, or can we disable the cert validation while still validating the root CA and using HTTPS? Here's my Traefik config:
debug = true logLevel = "DEBUG" defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":81" [api] entrypoint="dashboard" [entryPoints.dashboard] address = ":8443" [serviceFabric] clusterManagementUrl = "https://localhost:19080" apiVersion = "3.0" refreshSeconds = 10 [serviceFabric.tls] cert = "C:/Users/rdpadmin/TraefikTest/sf.crt" key = "C:/Users/rdpadmin/TraefikTest/sf.key" insecureSkipVerify = true [tls.options] [tls.options.default] [tls.options.default.clientAuth] clientAuthType = "RequireAnyClientCert"