viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ci skip] Fix HTTPS backend proxying for reverse-proxy services

Browse source 
- Add insecureSkipVerify=true globally for self-signed backend certs
- Name service ports with https- prefix for HTTPS backends so Traefik uses HTTPS
- Add ServersTransport CRD for per-service insecureSkipVerify
- Add serversscheme/serverstransport annotations to reverse-proxy factory
This commit is contained in:
Viktor Barzin 2026-02-07 13:56:24 +00:00
parent 4d0d2a3568
commit d4cf63dce9
No known key found for this signature in database
GPG key ID: 0EB088298288D958
3 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/kubernetes/traefik/main.tf
View file

@ -142,6 +142,8 @@ resource "helm_release" "traefik" {
"--api.insecure=true",
"--global.checknewversion=false",
"--global.sendanonymoususage=false",
# Skip TLS verification for self-signed backend certs (proxmox, idrac, etc.)
"--serversTransport.insecureSkipVerify=true",
# Increase timeouts for services like Immich
"--serversTransport.forwardingTimeouts.dialTimeout=60s",
"--serversTransport.forwardingTimeouts.responseHeaderTimeout=0s",