Can someone explain what I did wrong with http->https redirect?

crewdk · February 7, 2025, 6:23pm

Hey. I'm new with traefic and just cant understand what I did wrong with my configs. This configuration redirect successfully http->https but only if enter URL without scheme. If me or someone else uses address with scheme http://.... traefic did nothing and I get an error. ((

traefic docker-compose.yml:

services:
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
      # - 6443:6443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/custom/:/custom/:ro
      - ./data/basic.auth:/basic.auth
      - ./logs/:/logs/

    labels:
     - "traefik.enable=true"
     - "traefik.http.routers.traefik.entrypoints=https"
     - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
     - "traefik.http.routers.traefik.tls=true"
     - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
     - "traefik.http.routers.traefik.service=api@internal"
     - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
     - "traefik.http.routers.traefik.middlewares=traefik-auth"
     - "traefik.http.middlewares.traefik-auth.basicAuth.usersFile=/basic.auth"

     # global redirect to https
     - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
     - "traefik.http.routers.http-catchall.entrypoints=http"
     - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

     - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
     - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"

    networks:
      - net_traefik

networks:
  net_traefik:
    name: net_traefik

traefic traefik.yml

global:
  checkNewVersion: true
  sendAnonymousUsage: false


log:
  level: ERROR
  format: common
  filePath: /logs/traefik.log


accesslog:
  format: common
  filePath: /logs/access.log

serversTransport:
  insecureSkipVerify: true

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  letsEncrypt:
    acme:
      email: mymail@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
.

another docker-compose.yml

services:
  dokuwiki:
    image: bitnami/dokuwiki
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wiki.entrypoints=http"
      - "traefik.http.routers.wiki.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.wiki.tls=true"
      - "traefik.http.routers.wiki.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.wiki.service=wiki-service"
      - "traefik.http.services.wiki-service.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      - "traefik.docker.network=net_traefik"

    environment:
      - DOKUWIKI_USERNAME=admin
      - DOKUWIKI_PASSWORD=admin
      - DOKUWIKI_WIKI_NAME=amega-wiki
    volumes:
      - ./data:/bitnami
    networks:
      - net_wiki
      - net_traefik

volumes:
  data:

networks:
  net_wiki:
    name: net_wiki
  net_traefik:
    name: net_traefik
    external: true

bluepuma77 · February 7, 2025, 7:19pm

Why not simply use a global http-to-https on entrypoint? Compare to simple Traefik example.

crewdk · February 8, 2025, 7:23pm

Thank you for your reply. I've tried this solution and adapted it for my needs. It looks like the HTTPS redirect is working now. However, I can't understand why I am unable to run even a simple Nginx server from Docker. I can curl the page from inside the Docker container, but I can't reach it from outside. Can you give me one more advice about what I do wrong?

traefic docker-compose.yml

  traefik:
    image: "traefik:latest"
    ports:
      - 80:80
      - 443:443

    networks:
      - proxy

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data/acme.json:/acme.json
      - ./logs/:/var/log/

    command:
      - --api.dashboard=true

      - --log.level=ERROR
      - --log.filepath=/var/log/traefik.log

      - --accesslog=true
      - --accesslog.filepath=/var/log/traefik-access.log

      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false

      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https

      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true.
      - --entrypoints.websecure.http.tls.certresolver=letsEncrypt

      - --certificatesresolvers.letsEncrypt.acme.email=mymail@gmail.com
      - --certificatesresolvers.letsEncrypt.acme.httpChallenge.entrypoint=web
      - --certificatesresolvers.letsEncrypt.acme.storage=acme.json

    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.host.ru`)
      - traefik.http.routers.mydashboard.service=api@internal

networks:
  proxy:
    name: proxy

nginx docker-compose.yml

services:
  nginx:
    image: nginx:stable-alpine
#    expose:
#      - 888
    container_name: nginx-mini
    hostname: nginx-mini
    restart: always
    volumes:

      - './www/:/var/www/ru.myhost/www/'
      - './logs/:/var/www/ru.myhost/logs/'
      - './logs2/:/var/log/nginx/'
      - './nginx/conf/nginx.conf:/etc/nginx/nginx.conf'
      - './nginx/sites-enabled:/etc/nginx/sites-enabled/'

    labels:
      - traefik.enable=true
      - traefik.http.routers.nginx.entrypoints=web
      - traefik.http.routers.nginx.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.nginx.tls=true
      - traefik.http.routers.nginx.tls.certresolver=letsEncrypt
      - traefik.http.routers.nginx.service=nginx-service
      - traefik.http.services.nginx-service.loadbalancer.server.port=80

    networks:
      - net_nginx
      - proxy

networks:
  net_nginx:
    name: net_nginx
  proxy:
    name: proxy
    external: true

bluepuma77 · February 9, 2025, 7:58am

You set entrypoints=web for nginx, but requests will never arrive there, as they are redirected to websecure.

Check the example again. Simplify, place the TLS globally on entrypoints, too.

When using multiple networks for target services, make sure to set docker.network globally on provider or in labels.

crewdk · February 9, 2025, 11:12pm

Thank you for your explanations! Now I get it. )))

system · February 12, 2025, 11:13pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't set up redirect http to https Traefik v2 docker , middleware	2	245	July 1, 2024
Redirect http to https does not work Traefik v3 (latest) docker	5	918	August 25, 2024
Redirect scheme (http to https) not working Traefik v2 middleware	6	4377	October 10, 2022
Cannot get http -> https redirect to work properly Traefik v2 docker , middleware	3	1923	December 12, 2019
HTTPS Redirection Default Traefik v2 docker , middleware	2	693	May 21, 2020

Can someone explain what I did wrong with http->https redirect?

Related topics