
I'm trying to migrate from HAProxy to Traefik. I have an existing HAProxy config that acts as a TCP load balancer for an FTPS server. Now I'm trying to do the same with Traefik. The FTPS server operates on the following ports: 1413 for control and 1414-1420 to transfer data. My config is the following:

General view

workflow

Docker-compose.yml file

services:
  traefik:
    image: traefik:2.10
    container_name: traefik
    network_mode: host
    restart: always
    env_file:
      - ./traefik.env
    volumes:
      - /srv/traefik/:/etc/traefik
      - /srv/traefik/logs:/logs
      - /etc/letsencrypt:/etc/letsencrypt:ro
    command: [ ]

traefik.yml Static config

api:
  insecure: true
  dashboard: true

log:
  level: "DEBUG"
  filePath: "/logs/traefik.log"

certificatesResolvers:
  letsEncrypt:
    acme:
      email: "letencr@cl.ss"
      storage: "/etc/traefik/acme/acme.json"
      tlsChallenge: {}

entryPoints:
  ftps:
    address: ":1413"
  ftps_data_1:
    address: ":1414"
  ftps_data_2:
    address: ":1415"
  ftps_data_3:
    address: ":1416"
  ftps_data_4:
    address: ":1417"
  ftps_data_5:
    address: ":1418"
  ftps_data_6:
    address: ":1419"
  ftps_data_7:
    address: ":1420"

metrics:
  prometheus: {}

providers:
  file:
    directory: "/etc/traefik/config"
    watch: true

serversTransport:
  insecureSkipVerify: true

tls.yml

tls:
  certificates:
    - certFile: /etc/letsencrypt/certs_project/fullchain.pem
      keyFile: /etc/letsencrypt/certs_project/key.pem

ftps_dynamic_config.yml

tcp:
  routers:
    ## Connect
    hi_ftps_connect:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps"
      service: "ssl_hi_ftps_connect"
      tls: {}

    ## Data transfer
    hi_ftps_passive_1:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_1"
      service: "ssl_hi_ftps_passive_1"
      tls: {}

    ## Data transfer
    hi_ftps_passive_2:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_2"
      service: "ssl_hi_ftps_passive_2"
      tls: {}

    ## Data transfer
    hi_ftps_passive_3:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_3"
      service: "ssl_hi_ftps_passive_3"
      tls: {}

    ## Data transfer
    hi_ftps_passive_4:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_4"
      service: "ssl_hi_ftps_passive_4"
      tls: {}

    ## Data transfer
    hi_ftps_passive_5:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_5"
      service: "ssl_hi_ftps_passive_5"
      tls: {}

    ## Data transfer
    hi_ftps_passive_6:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_6"
      service: "ssl_hi_ftps_passive_6"
      tls: {}

    ## Data transfer
    hi_ftps_passive_7:
      rule: "HostSNI(`*`)"
      entryPoints:
        - "ftps_data_7"
      service: "ssl_hi_ftps_passive_7"
      tls: {}

  services:
    ## Connect
    ssl_hi_ftps_connect:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1413" # Connectivity

    ## Data transfer
    ssl_hi_ftps_passive_1:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1414" # Data

    ## Data transfer
    ssl_hi_ftps_passive_2:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1415" # Data

    ## Data transfer
    ssl_hi_ftps_passive_3:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1416" # Data

    ## Data transfer
    ssl_hi_ftps_passive_4:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1417" # Data

    ## Data transfer
    ssl_hi_ftps_passive_5:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1418" # Data

    ## Data transfer
    ssl_hi_ftps_passive_6:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1419" # Data

    ## Data transfer
    ssl_hi_ftps_passive_7:
      loadBalancer:
        servers:
          - address: "172.20.49.6:1420" # Data

Traefik logs:

time="#" level=debug msg="http: TLS handshake error from [MY-IP]:45552: tls: client requested unsupported application protocols ([ftp])"
time="#" level=debug msg="http: TLS handshake error from [MY-IP]:45564: tls: client requested unsupported application protocols ([ftp])"

NOTE: I'm connecting with the FileZilla client.

I don't get it; I have never set up such a thing with Traefik. Also, when the setup was done with HAProxy, FileZilla prompted me to accept the certificate when I tried to connect to the FTPS server.

Could anyone who has tried such a config kindly provide me with some guidance?
