I just use the TCP router, but you'd still need a certificate that is recognized on the traefik side. In my case I used letsencrypt for that, but I have an Apache server that will have its own TLS certificate along with mTLS authentication.

Here's the relevant block:
```yaml
version: "3.7"
services:
  dmz:
    image: httpd:alpine
    deploy:
      replicas: 1
      update_config:
        order: start-first
      restart_policy:
        condition: any
        delay: 10s
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik
        # TCP router: matched on the SNI name of the ClientHello
        - traefik.tcp.routers.intranet.rule=HostSNI(`i.trajano.net`)
        - traefik.tcp.routers.intranet.entryPoints=https
        - traefik.tcp.routers.intranet.tls.certresolver=staging
        # passthrough=true: Traefik forwards the TLS stream to httpd unterminated,
        # so httpd presents its own certificate and enforces mTLS itself
        - traefik.tcp.routers.intranet.tls.passthrough=true
        - traefik.tcp.routers.intranet.tls.domains[0].main=i.trajano.net
        - traefik.tcp.routers.intranet.tls.domains[0].sans=i.trajano.net
        - traefik.tcp.routers.intranet.service=intranet
        - traefik.tcp.services.intranet.loadbalancer.server.port=443
    environment:
      - TZ=America/Toronto
    volumes:
      # CA that issued the client certificates, plus httpd's own cert/key
      - /d/p/trajano.net/devops-ca-R2.crt:/ca.pem
      - /d/p/trajano.net/intranet_dmz/i.trajano.net.pem:/cert.pem
      - /d/p/trajano.net/intranet_dmz/key.pem:/key.pem
      - /d/p/trajano.net/intranet_dmz/httpd.conf:/usr/local/apache2/conf/httpd.conf
    networks:
      - traefik
      - intranet
```
I referenced my sanitized stack files in Trajano base Docker swarm stacks.
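As an added example that is not part of the original post or the author's stack files: the httpd.conf fragment that makes Apache terminate TLS and enforce mTLS behind that passthrough router. The hostname and the /ca.pem, /cert.pem and /key.pem paths are the ones mounted in the compose block above; the module lines, cache location and document root are assumptions based on the stock httpd:alpine image.

```apache
# Added example (not the forum author's httpd.conf). Append to the stock
# httpd.conf of the httpd:alpine image; paths match the compose volume mounts.
Listen 443
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"

<VirtualHost *:443>
    # Must match the HostSNI rule on the Traefik TCP router
    ServerName i.trajano.net
    DocumentRoot "/usr/local/apache2/htdocs"

    SSLEngine on
    # With tls.passthrough=true Traefik never terminates the session, so this
    # is the certificate the client actually sees, not Traefik's ACME one.
    SSLCertificateFile "/cert.pem"
    SSLCertificateKeyFile "/key.pem"
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # mTLS: the client must present a certificate chaining to the private CA
    # mounted as /ca.pem. Passthrough means only httpd can perform this check;
    # Traefik sees opaque TLS records and cannot enforce client certificates.
    SSLCACertificateFile "/ca.pem"
    SSLVerifyClient require
    SSLVerifyDepth 2

    # Expose the verified client identity (SSL_CLIENT_S_DN etc.) to the app
    SSLOptions +StdEnvVars

    # Fail closed at the authorization layer too, so a later per-directory
    # "SSLVerifyClient optional" cannot silently grant unauthenticated access
    <Location "/">
        Require ssl-verify-client
    </Location>
</VirtualHost>
```

Because Traefik only sees the SNI, requests with no or a wrong client certificate are still routed to httpd and rejected there, so the mTLS failures show up in Apache's error log rather than Traefik's access log.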