|
|
|
|
@ -88,8 +88,10 @@ services:
|
|
|
|
|
### helloworld with socat
|
|
|
|
|
|
|
|
|
|
socat could be handy when you need to see the TLS flow between the reverse
|
|
|
|
|
proxy and a backend. It may also let you secure the traffic between them in
|
|
|
|
|
case when the backend application does not support TLS on its own.
|
|
|
|
|
proxy and a backend.
|
|
|
|
|
|
|
|
|
|
It may also help you secure the traffic between the reverse proxy and a backend
|
|
|
|
|
in case when the latter service does not support TLS on its own.
|
|
|
|
|
|
|
|
|
|
> Minimum socat version should be [1.7.3.2](https://fossies.org/linux/privat/socat-1.7.3.2.tar.gz/socat-1.7.3.2/CHANGES) so it will work with the
|
|
|
|
|
> ECDHE- OpenSSL ciphers.
|
|
|
|
|
@ -115,6 +117,12 @@ services:
|
|
|
|
|
traefik.protocol: 'https'
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
If you get ``sslv3 alert bad certificate`` error, then make sure you have
|
|
|
|
|
either updated the CA bundle with your CA file which was used to sign your x509
|
|
|
|
|
certificates at the reverse proxy server or disable TLS verification between
|
|
|
|
|
the reverse proxy and your backend (e.g. Traefik has a global option
|
|
|
|
|
``insecureSkipVerify = true``)
|
|
|
|
|
|
|
|
|
|
## Testing
|
|
|
|
|
|
|
|
|
|
I have added a simplistic script [testme.sh](testme.sh) that helps to test this
|
|
|
|
|
|
