aleprovencio
commented
4 years ago So this should explain why I was never able to put taskserver behind traefik, right?
Any reasons why this has not been merged yet??
Closed osctobe closed 4 months ago
aleprovencio
commented
4 years ago So this should explain why I was never able to put taskserver behind traefik, right?
Any reasons why this has not been merged yet??
jrabbit
commented
4 years ago So this should explain why I was never able to put
taskserverbehindtraefik, right?Any reasons why this has not been merged yet??
taskd expects to be able to terminate the mTLS session itself. You might be able to passively proxy it but you can't frontload it I don't think, without this PR.
This patchset allows to put taskserver behind an SSL reverse proxy (eg. stunnel or haproxy). Original client's address is passed using PROXY protocol described at [1]. Both versions of the protocol are supported, though binary (v2) is preferred.
[1] http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt