Unable to reach via unifi.domain

[bigverm23]

Hey, thanks for all of these great containers. I am unable to reach this one via unifi.domainname.

The only I can reach the container is via https://10.0.0.216:8443, which isnt really making sense to me.

Would you be able to help?

[bigverm23]

I tried to use the alt method as well, but get a "unifi.domainname has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. "

[tcp.routers]
  [tcp.routers.unifi-rtr]
      entryPoints = ["https"]
      rule = "HostSNI(`unifi.domainname`)"
      service = "unifi-svc"
      [tcp.routers.unifi-rtr.tls]
        certresolver = "dns-cloudflare"
        passthrough = true

[tcp.services]
  [tcp.services.unifi-svc]
    [tcp.services.unifi-svc.loadBalancer]
      passHostHeader = true
      [[tcp.services.unifi-svc.loadBalancer.servers]]
        address = "10.0.0.216:8443"

`

[CVJoint]

My Unifi controller is running off of a raspberry pi (separate from my Traefik host), so I'm using the alt method you mention above. If they were on the same host I would try to use labels similar to how the Nextcloud container is set up.

I also have my internet traffic proxied through Cloudflare (orange cloud) and I know that when I've messed with the HSTS settings in Cloudflare I've seen those type of errors.

[mikejac]

@bigverm23 The Unifi Controller creates it's own, self-signed certificate at installation time. Firefox does not accept that kind of certificates anymore. In my setup, I have created my own certificate authority using EasyRSA and then issued a certificate for the Unifi URL. My root certficate is imported into Firefox (Firefox uses it's own certficate store, not the operating systems certfificate store).