HTTPS-certificate issue with Consul Connect

I have the following scenario:
Internet (HTTPS) → Traefik → Caddy as reverse proxy → Backend service
Caddy and the backend services are Docker images deployed by Nomad. Caddy is responsible for organizing the HTTPS certificate through Let’s Encrypt. Traefik is forwarding the TCP traffic in “passthrough” mode, letting Caddy deliver the certificate (which is stored in Consul and is therefore distributed between multiple instances of Caddy).

Now I wanted to put Caddy in a service mesh with Consul Connect so that the communication to its backend system is encrypted as well. However, the browser now doesn’t get the HTTPS certificate from Caddy anymore, probably because it is being intercepted by the sidecar proxy, which is returning an invalid certificate to the browser. Is there some configuration option to activate a passthrough from Envoy to Caddy, or what would you suggest? Any idea is very welcome.

Hi @frank.wettstein, to allow outsiders (like a browser) to make requests to services in the Connect service mesh, you need to set up a Connect Ingress Gateway.

The connect block in Nomad can help run one for you.
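
As an added illustration of the ingress gateway suggested above (not part of either post), here is a Nomad job that runs one through the `connect` block. The job, group and service names, the datacenter `dc1`, the upstream service name `caddy` and port 8443 are assumptions chosen for this sketch.

```hcl
# Added example: Nomad job running a Consul Connect ingress gateway.
# Assumed names: job/service "caddy-ingress", upstream service "caddy",
# datacenter "dc1", listener port 8443.
job "caddy-ingress" {
  datacenters = ["dc1"]

  group "gateway" {
    network {
      mode = "bridge" # same network mode a Connect sidecar group uses

      # Port that Traefik forwards the passthrough TCP stream to.
      port "inbound" {
        static = 8443
        to     = 8443
      }
    }

    service {
      name = "caddy-ingress"
      port = "8443"

      connect {
        gateway {
          proxy {} # keep Envoy proxy defaults

          ingress {
            listener {
              port = 8443

              # "tcp" forwards the byte stream as-is. Assumption: this
              # lets the browser's TLS handshake reach Caddy unchanged.
              protocol = "tcp"

              # A tcp listener takes exactly one service.
              service {
                name = "caddy"
              }
            }
          }
        }
      }
    }
  }
}
```

The `caddy` service must itself be registered with a Connect sidecar, and where Consul intentions default to deny, an intention has to allow `caddy-ingress` to reach `caddy`.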