TLS Error Cloudflared -> Traefik -> Service on Kubernetes
TLDR: Are there any security concerns to just using "invalid" tls certs internally to a cluster? Is there any way to tell the tunnel to check if the tls matches the external hostname of a service not the internal?
I have a k8s cluster with no load balancer. I intend to use a cloudflare tunnel to expose traefik to the internet.
I plan to use traefik to reverse proxy the services to expose.
I have a wildcard tls cert for the external hostnames of the services.
If I disable TLS verification everything works perfectly.
When I try to enable tls verification it fails because the certificate traefik is serving does not match the internal hostname. It matches the external hostname.
I have a k8s cluster with no load balancer. I intend to use a cloudflare tunnel to expose traefik to the internet.
I plan to use traefik to reverse proxy the services to expose.
I have a wildcard tls cert for the external hostnames of the services.
If I disable TLS verification everything works perfectly.
When I try to enable tls verification it fails because the certificate traefik is serving does not match the internal hostname. It matches the external hostname.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Similar Threads
Was this page helpful?
