You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/post/2025/05-29-traefik-load-balancer/index.mdx
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,7 +22,7 @@ import TraefikLoadBalancerArchitectureImage from '../../../../content/post/2025/
22
22
23
23
## Introduction
24
24
25
-
This article is a continuation of [Expose home server with Rathole tunnel and Traefik](/blog/2025-04-29-rathole-traefik-home-server), which explains how to permanently host websites from home by bypassing CGNAT. That setup works well for exposing a single home server (like a Raspberry Pi, server PC, or virtual machine), but it has a limitation: it requires one VPS (or at least one public network interface) per home server. This is because the Rathole server exclusively uses ports `80` and `443`.
25
+
This article is a continuation of [Expose home server with Rathole tunnel and Traefik](/blog/2025-04-29-rathole-traefik-home-server) article, which explains how to permanently host websites from home by bypassing CGNAT. That setup works well for exposing a single home server (like a Raspberry Pi, server PC, or virtual machine), but it has a limitation: it requires one VPS (or at least one public network interface) per home server. This is because the Rathole server exclusively uses ports `80` and `443`.
26
26
27
27
But it doesn't have to be like this. We can reuse a single Rathole server for many tunnels and home servers, we just need a tool to load balance their traffic, as long as our VPS's network interface provides enough bandwidth for our websites and services.
28
28
@@ -82,7 +82,7 @@ I already wrote about the advantage of resolving SSL certificates locally on the
82
82
83
83
## Traefik load balancer and Rathole server
84
84
85
-
Since we passthrough encrypted HTTPS traffic, Traefik can't read the subdomain from an HTTP request as usual. Instead, we will run the Traefik router in TCP mode, using the [HostSNIRegexp](https://doc.traefik.io/traefik/v2.9/routing/routers/#rule) matcher. This will run the router on layer 4 (TCP) instead of the usual layer 7 (HTTP).
85
+
Since we passthrough encrypted HTTPS traffic, Traefik can't read the subdomain from an HTTP request as usual. Instead, we will run the Traefik router in TCP mode, using the [HostSNIRegexp](https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1) matcher. This will run the router on layer 4 (TCP) instead of the usual layer 7 (HTTP).
86
86
87
87
For more in-depth info on how this works, you can read here: [Server Name Indication (SNI)](https://en.wikipedia.org/wiki/Server_Name_Indication).
88
88
@@ -374,5 +374,5 @@ Happy self-hosting.
374
374
375
375
## References
376
376
377
-
- Traefik `v2.9` `HostRegexp` and `HostSNIRegexp` reference https://doc.traefik.io/traefik/v2.9/routing/routers/#rule
377
+
- Traefik `v2.9` `HostRegexp` and `HostSNIRegexp` reference https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1
378
378
- TLS Server Name Indication (SNI), Wikipedia https://en.wikipedia.org/wiki/Server_Name_Indication
0 commit comments