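In Traefik, is it possible to:
A. Set up two different SSL entry points, so that I can enable TLS mutual authentication (ClientCAFiles) on one SNI but not on the other;
or
B. Use the same entry point (:443), but have the ClientCAFiles directive apply only to specific URLs
I tried something like this: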
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
clientCAFiles = ["certs/clientca.crt"]
[[entryPoints.https.tls.certificates]]
certFile = "certs/server1.crt"
keyFile = "certs/server1.key"
[entrypoints.otherSSL]
address = ":8443"
[entryPoints.otherSSL.tls]
[[entryPoints.otherSSL.tls.certificates]]
certFile = "certs/server2.crt"
keyFile = "certs/server2.key"
But it doesn't work. I also tried this:
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
clientCAFiles = ["certs/clientca.crt"]
certFile = "certs/server1.crt"
keyFile = "certs/server1.key"
[[entryPoints.https.tls.certificates]]
certFile = "certs/server2.crt"
keyFile = "certs/server2.key"
That doesn't work either.
This works:
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
clientCAFiles = ["certs/clientca.crt"]
[[entryPoints.https.tls.certificates]]
certFile = "certs/server1.crt"
keyFile = "certs/server1.key"
[[entryPoints.https.tls.certificates]]
certFile = "certs/server2.crt"
keyFile = "certs/server2.key"
But it requires clientAuth for both SNIs.