Configuration of non http port without TLS

Hi, I understand this might have been asked before but I'm kind of confused on the setup. Basically I need Traefik to redirect port 80 & 9735 to different containers based on subdomains, I was able to do that with port 80 but somehow 9735 with TLS doesn't work (connection is never received) and without TLS the connection drops after some seconds.

I'm using Docker on ECS, I have 1 Traefik service and multiple Tasks with an app that starts a web server on port 80 and another app called lnd (lightning) on port 9735.

Here are my attempts at TLS config which from what I understand, should work:

Traefik container config

["--providers.docker=true","--providers.docker.endpoint=unix:///var/run/docker.sock","--entryPoints.web.address=:80","--entryPoints.lnd.address=:9735","--api.dashboard=true","--api.insecure=true","--accesslog=true","--log=true","--log.level=DEBUG","--certificatesresolvers.letsencrypt=true","--certificatesresolvers.letsencrypt.acme.email=xxx@xxx.com","--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory","--certificatesresolvers.letsencrypt.acme.dnschallenge=true","--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=route53"]

Here's my container configuration (web app & lnd)

traefik.tcp.routers.node2.entrypoints=lnd
traefik.enable=true
traefik.tcp.routers.node2.tls.certresolver=letsencrypt
traefik.tcp.routers.node2.rule=HostSNI(`002.nodes.mydomain.com`)
traefik.tcp.routers.node2.tls.passthrough=true
traefik.http.routers.node2.rule=Host(`002.nodes.mydomain.com`)
traefik.http.routers.node2.entrypoints=web
traefik.tcp.services.node2.loadbalancer.server.port=9735
traefik.tcp.routers.node2.tls=true

This is not routing the port properly and can't even see the routing on the logs even though the web ui dashboard shows that 9735 should be redirected. I tried with tls + passthrough as well, all possible combinations with and without tls and the only one that "worked" so far was:

traefik.tcp.routers.node2.entrypoints=lnd
traefik.enable=true
traefik.tcp.routers.node2.rule=HostSNI(`*`)
traefik.tcp.services.node2.loadbalancer.terminationdelay=-1
traefik.http.routers.node2.rule=Host(`002.nodes.mydomain.com`)
traefik.http.routers.node2.entrypoints=web
traefik.tcp.services.node2.loadbalancer.server.port=9735

But this doesn't forward per subdomain so really doesn't work as I expect it, maybe Traefik is the wrong tool but seems like this should be achieved by the tool.

If anyone can shed some light on this, would be greatly appreciated, maybe I'm missing something in the config but I think after 4 days I've tried every possible combination :)

Thanks!

For TCP without TLS you must use HostSNI(`*`)

See HostSNI & TLS

For TCP+TLS and HTTPS the SNI is leveraged. For HTTP the Host Header. For plain ol' TCP neither are available.

Thanks for the answer, so would plain old TCP ever be supported?

@gonzaloaune It can't, because plain TCP doesn't have the information available.

@cakiwi many thanks for your answer