My use case: I’ve been testing boringproxy to expose k3d services by pointing at traefik’s ingress IP. Currently, I have it working by running the client in a pod alongside traefik in a k3d cluster. I’m trying to get the solution fully automated and have successfully used ansible to talk with boringproxy’s API to set up tunnels. I have 2 main questions that maybe someone can help me with.
In regards to TLS certs, I know there are 3 options for termination. Currently it only works if I choose passthrough, and I get my self-signed traefik cert as I haven’t set up letsencrypt with traefik. I could go the route of setting up traefik’s cert, or is there a better option to somehow use the cert boringproxy sets up?
Currently I have to set up separate tunnels for each URL/service even though I’m still pointing at the one IP traefik has. Is there a way to utilize a wildcard domain through boringproxy? (I tested this and it lets me create the tunnel, but it doesn’t work.)
*.cluster1.mydomain.com → 172.20.0.3 (traefik)