Disable domain fronting
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
This commit is contained in:
parent
416c367778
commit
2b35397169
19 changed files with 532 additions and 58 deletions
|
@ -130,6 +130,20 @@ tls:
|
|||
|
||||
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
|
||||
|
||||
## Domain fronting
|
||||
|
||||
Basically, [domain fronting](https://en.wikipedia.org/wiki/Domain_fronting) is a technique that allows to open a
|
||||
connection with a specific domain name, thanks to the
|
||||
[Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication), then access a service with another
|
||||
domain set in the HTTP `Host` header.
|
||||
|
||||
Since the `v2.2.2`, Traefik avoids (by default) using domain fronting.
|
||||
As it is valid for advanced use cases, the `HostHeader` and `HostSNI` [rules](../routing/routers/index.md#rule) allow
|
||||
to fine tune the routing with the `Server Name Indication` and `Host header` value.
|
||||
|
||||
If you encounter routing issues with a previously working configuration, please refer to the
|
||||
[migration guide](../migration/v2.md) to update your configuration.
|
||||
|
||||
## TLS Options
|
||||
|
||||
The TLS options allow one to configure some parameters of the TLS connection.
|
||||
|
@ -317,7 +331,7 @@ spec:
|
|||
### Strict SNI Checking
|
||||
|
||||
With strict SNI checking, Traefik won't allow connections from clients connections
|
||||
that do not specify a server_name extension.
|
||||
that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Dynamic configuration
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue