homelab/traefik
1
0
Fork 0
Code Activity

Disable domain fronting

Browse source 
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
This commit is contained in:
Romain 2020-07-08 12:18:03 +02:00 committed by GitHub
parent 416c367778
commit 2b35397169
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 532 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

16
docs/content/https/tls.md
View file

@ -130,6 +130,20 @@ tls:
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## Domain fronting
Basically, [domain fronting](https://en.wikipedia.org/wiki/Domain_fronting) is a technique that allows to open a
connection with a specific domain name, thanks to the
[Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication), then access a service with another
domain set in the HTTP `Host` header.
Since the `v2.2.2`, Traefik avoids (by default) using domain fronting.
As it is valid for advanced use cases, the `HostHeader` and `HostSNI` [rules](../routing/routers/index.md#rule) allow
to fine tune the routing with the `Server Name Indication` and `Host header` value.
If you encounter routing issues with a previously working configuration, please refer to the
[migration guide](../migration/v2.md) to update your configuration.
## TLS Options
The TLS options allow one to configure some parameters of the TLS connection.
@ -317,7 +331,7 @@ spec:
### Strict SNI Checking
With strict SNI checking, Traefik won't allow connections from clients connections
that do not specify a server_name extension.
that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
```toml tab="File (TOML)"
# Dynamic configuration