Can someone explain what I did wrong with http->https redirect?

Hey. I'm new to Traefik and just can't understand what I did wrong with my configs. This configuration successfully redirects http->https, but only if I enter the URL without a scheme. If I or someone else uses an address with the scheme http://...., Traefik does nothing and I get an error. ((

traefic docker-compose.yml:

# Traefik reverse proxy: publishes ports 80/443, exposes its own dashboard behind
# basic auth, and defines a catch-all http->https redirect, all through Docker labels.
services:
  traefik:
    # NOTE(review): no tag, so this resolves to `latest`; pin a specific version so
    # a major upgrade cannot change rule syntax or defaults underneath this config.
    image: traefik
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining privileges via setuid/setgid.
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
      # - 6443:6443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): `:ro` protects only the socket file, not the Docker API behind
      # it; whoever can talk to this socket can control the Docker daemon. A socket
      # proxy that allows only the read endpoints Traefik needs narrows this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # ACME store: holds the account key and issued certificates. Traefik expects
      # mode 600 on this file; keep it out of version control and backups shared widely.
      - ./data/acme.json:/acme.json
      - ./data/custom/:/custom/:ro
      # NOTE(review): mounted read-write, but it is only referenced as a basicAuth
      # usersFile below; `:ro` looks sufficient - confirm.
      - ./data/basic.auth:/basic.auth
      - ./logs/:/logs/

    labels:
     - "traefik.enable=true"
     # Dashboard router: HTTPS entrypoint only, TLS via the letsEncrypt resolver.
     - "traefik.http.routers.traefik.entrypoints=https"
     - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
     - "traefik.http.routers.traefik.tls=true"
     - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
     - "traefik.http.routers.traefik.service=api@internal"
     # NOTE(review): this service is not referenced by any router shown here (the
     # router above targets api@internal) - confirm it is needed.
     - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
     # The dashboard/API is gated by basic auth; the users file should hold hashed
     # entries (htpasswd format, bcrypt preferred), never plaintext passwords.
     - "traefik.http.routers.traefik.middlewares=traefik-auth"
     - "traefik.http.middlewares.traefik-auth.basicAuth.usersFile=/basic.auth"

     # global redirect to https
     # NOTE(review): `{host:.+}` is the Traefik v2 HostRegexp form; v3 expects a plain
     # regular expression. With an untagged image, confirm which major version is
     # actually running before relying on this rule.
     - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
     - "traefik.http.routers.http-catchall.entrypoints=http"
     - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

     # permanent=true makes the redirect permanent, which browsers may cache.
     - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
     - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"

    networks:
      - net_traefik

networks:
  net_traefik:
    name: net_traefik

traefic traefik.yml

# Traefik static configuration: logging, entrypoints, Docker provider and the
# Let's Encrypt certificate resolver.
global:
  checkNewVersion: true
  sendAnonymousUsage: false


log:
  # NOTE(review): ERROR hides warnings; a more verbose level (WARN/INFO) gives more
  # detail while troubleshooting routing and certificate problems.
  level: ERROR
  format: common
  filePath: /logs/traefik.log


# Access log is the main record of who requested what; `json` format is also
# available and is easier to parse in a log pipeline than `common`.
accesslog:
  format: common
  filePath: /logs/access.log

serversTransport:
  # NOTE(review): disables certificate verification for every HTTPS backend, so the
  # proxy-to-backend hop cannot detect an impersonated or intercepted service.
  # Trusting the backend CA (serversTransport.rootCAs) avoids turning checks off.
  insecureSkipVerify: true

api:
  # Enables the dashboard; it is exposed through the `traefik` router labels in
  # the compose file, where it is protected by the basicAuth middleware.
  dashboard: true

entryPoints:
  # No entrypoint-level redirection is configured here; the http->https redirect
  # relies entirely on the http-catchall router defined in the compose labels.
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they carry traefik.enable=true.
    exposedByDefault: false

certificatesResolvers:
  letsEncrypt:
    acme:
      email: mymail@gmail.com
      # NOTE(review): relative path; the compose file mounts the store at /acme.json,
      # presumably matching the container's working directory - confirm.
      storage: acme.json
      # HTTP-01 challenge is answered on the `http` entrypoint, so port 80 has to
      # stay reachable from the internet for issuance and renewal.
      httpChallenge:
        entryPoint: http
.

another docker-compose.yml

# DokuWiki behind Traefik, attached to the shared net_traefik network.
services:
  dokuwiki:
    # NOTE(review): untagged image resolves to `latest`; pin a version (ideally a
    # digest) so the deployed wiki does not change on the next pull.
    image: bitnami/dokuwiki
    labels:
      - "traefik.enable=true"
      # NOTE(review): the router is bound to the port-80 entrypoint while tls=true
      # makes it HTTPS-only, so plain-HTTP requests on `http` will not match it;
      # presumably it should be bound to `https` - confirm.
      - "traefik.http.routers.wiki.entrypoints=http"
      - "traefik.http.routers.wiki.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.wiki.tls=true"
      - "traefik.http.routers.wiki.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.wiki.service=wiki-service"
      - "traefik.http.services.wiki-service.loadbalancer.server.port=8080"
      # NOTE(review): redirect-to-https is also defined on the traefik container's
      # labels and is not attached to the wiki router here; a middleware defined
      # twice in the same provider may conflict - confirm and keep one definition.
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      # Tells Traefik which of the container's two networks to use to reach it.
      - "traefik.docker.network=net_traefik"

    environment:
      # NOTE(review): admin/admin on a service published through a public reverse
      # proxy is a guessable login. Use a strong unique password and supply it from
      # an env file or secret that is not committed or pasted alongside the config.
      - DOKUWIKI_USERNAME=admin
      - DOKUWIKI_PASSWORD=admin
      - DOKUWIKI_WIKI_NAME=amega-wiki
    volumes:
      # Bind mount of ./data; the named volume `data` declared below is not used
      # by this service.
      - ./data:/bitnami
    networks:
      - net_wiki
      - net_traefik

volumes:
  data:

networks:
  net_wiki:
    name: net_wiki
  # Created by the Traefik compose project; joined here as an external network.
  net_traefik:
    name: net_traefik
    external: true

Why not simply use a global http-to-https on entrypoint? Compare to simple Traefik example.

Thank you for your reply. I've tried this solution and adapted it for my needs. It looks like the HTTPS redirect is working now. However, I can't understand why I am unable to run even a simple Nginx server from Docker. I can curl the page from inside the Docker container, but I can't reach it from outside. Can you give me one more piece of advice about what I'm doing wrong?

traefic docker-compose.yml

  # Traefik configured through CLI flags: entrypoint-level http->https redirect,
  # TLS with the letsEncrypt resolver on websecure, dashboard exposed by labels.
  # NOTE(review): the `no-new-privileges` option from the first compose file is
  # not present in this version.
  traefik:
    # NOTE(review): `latest` is a moving tag; pin a specific version so upgrades
    # are deliberate and reproducible.
    image: "traefik:latest"
    ports:
      - 80:80
      - 443:443

    networks:
      - proxy

    volumes:
      # NOTE(review): the socket is mounted without `:ro`, and in either mode access
      # to it amounts to control of the Docker daemon. A socket proxy limited to
      # the read endpoints Traefik needs reduces the exposure.
      - /var/run/docker.sock:/var/run/docker.sock
      # ACME account key and certificates; Traefik expects mode 600 on this file.
      - ./data/acme.json:/acme.json
      - ./logs/:/var/log/

    command:
      - --api.dashboard=true

      - --log.level=ERROR
      - --log.filepath=/var/log/traefik.log

      - --accesslog=true
      - --accesslog.filepath=/var/log/traefik-access.log

      # Traefik reaches containers over the `proxy` network; only containers with
      # traefik.enable=true are picked up.
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false

      # Everything arriving on :80 is redirected to the websecure entrypoint over https.
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https

      - --entrypoints.websecure.address=:443
      # NOTE(review): the trailing '.' after `true` looks like a typo; confirm that
      # Traefik accepts this value as a boolean.
      - --entrypoints.websecure.asDefault=true.
      # TLS and the certificate resolver are set once for all routers on websecure.
      - --entrypoints.websecure.http.tls.certresolver=letsEncrypt

      - --certificatesresolvers.letsEncrypt.acme.email=mymail@gmail.com
      - --certificatesresolvers.letsEncrypt.acme.httpChallenge.entrypoint=web
      - --certificatesresolvers.letsEncrypt.acme.storage=acme.json

    labels:
      - traefik.enable=true
      # NOTE(review): no middleware (such as the basicAuth used in the first compose
      # file) is attached to this router, so as written the dashboard and API are
      # served to anyone who can reach this host name. Attach an auth middleware
      # or restrict the router to trusted source addresses.
      - traefik.http.routers.mydashboard.rule=Host(`traefik.host.ru`)
      - traefik.http.routers.mydashboard.service=api@internal

networks:
  proxy:
    name: proxy

nginx docker-compose.yml

# Nginx container published only through Traefik. No `ports:` are declared, so it
# is reachable solely over the Docker networks it joins.
services:
  nginx:
    image: nginx:stable-alpine
#    expose:
#      - 888
    container_name: nginx-mini
    hostname: nginx-mini
    restart: always
    volumes:

      - './www/:/var/www/ru.myhost/www/'
      - './logs/:/var/www/ru.myhost/logs/'
      - './logs2/:/var/log/nginx/'
      # NOTE(review): the configuration mounts below are read-write; `:ro` looks
      # sufficient unless something in the container edits them - confirm.
      - './nginx/conf/nginx.conf:/etc/nginx/nginx.conf'
      - './nginx/sites-enabled:/etc/nginx/sites-enabled/'

    labels:
      - traefik.enable=true
      # NOTE(review): the router is bound to `web` (port 80) while tls=true makes it
      # HTTPS-only, and the Traefik flags redirect `web` to `websecure`; as the
      # reply in this thread points out, requests never arrive at this router.
      - traefik.http.routers.nginx.entrypoints=web
      - traefik.http.routers.nginx.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.nginx.tls=true
      - traefik.http.routers.nginx.tls.certresolver=letsEncrypt
      - traefik.http.routers.nginx.service=nginx-service
      # Traefik talks to the container on port 80 over the Docker network.
      - traefik.http.services.nginx-service.loadbalancer.server.port=80

    networks:
      - net_nginx
      - proxy

networks:
  net_nginx:
    name: net_nginx
  # Created by the Traefik compose project; joined here as an external network.
  proxy:
    name: proxy
    external: true

You set entrypoints=web for nginx, but requests will never arrive there, as they are redirected to websecure.

Check the example again. Simplify, place the TLS globally on entrypoints, too.

When using multiple networks for target services, make sure to set docker.network globally on provider or in labels.

Thank you for your explanations! Now I get it. )))
