Easy redirects with Traefik

Is it simple to add a redirect to the Traefik configuration? How can it be done? Can you give me an example?

I'd like to avoid doing this with an html file with embedded js code and then I'd like to do all of that without using a web server (if possible of course!).

The client writes www.sitoabc.com and the proxy directs to www.sitoabc.it. The .com version which is currently active will be abandoned in the future and in the future only www.sitoabc.it will exist anymore.

What will happen in the future when the domain name www.sitoabc.com is no longer renewed? What will happen when Traefik tries to self-renew the certificate? Will I need to edit Traefik's .yaml file?

If you need to know my current configuration you can look at the first post of this thread.

thank you

Just check Traefik RedirectRegex middleware. Did you search the forum, it has been asked before: 1, 2, 3

If you do not renew the domain it will not work. The DNS entry will not point to your server's IP anymore. So browsers will not get to your site and TLS/SSL will not be renewed.

But every 90 days Traefik tries to renew the certificate of all domains. If one of these domains no longer exists, are the others renewed or not?

I wrote the following code as it is written on the site but it doesn't work. I'm testing locally before pushing everything to the server. Where am I wrong? Isn't there a faster system than mine? I have to write a lot of repeating code.

      traefik.http.routers.reindirizzamento1.rule: PathPrefix(`/`)
      traefik.http.routers.reindirizzamento1.priority: 3
      traefik.http.routers.reindirizzamento1.middlewares: rimanda1
      traefik.http.middlewares.rimanda1.redirectregex.regex: ^https://www.google.localhost/(.*)
      traefik.http.middlewares.rimanda1.redirectregex.replacement: https://www.google.it/$${1}
      traefik.http.routers.reindirizzamento2.rule: PathPrefix(`/`)
      traefik.http.routers.reindirizzamento2.priority: 4
      traefik.http.routers.reindirizzamento2.middlewares: rimanda2
      traefik.http.middlewares.rimanda2.redirectregex.regex: ^https://www.bing.localhost/(.*)
      traefik.http.middlewares.rimanda2.redirectregex.replacement: https://www.bing.it/$${1}

If I access the home site I get this.

11026×570 33.5 KB

traefik.log

{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule PathPrefix(`/`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-reindirizzamento@docker","time":"2022-12-19T12:40:06Z"}

You get the warning in the logs because you do not have a Host in the rule. This is not an issue if you have another target running with Host, so Traefik LetsEncrypt knows your domain names and can create the required TLS/SSL certs.

The rule determines what route is used. Both rules use PathPrefix( / ), Traefik will always use reindirizzamento2 because of the higher priority (number). You can try assigning both redirectregex to a single router:

      traefik.http.routers.reindirizzamento1.middlewares: rimanda1,rimanda2

What do you expect when entering https://localhost in your browser? Do you have more routers/services? If not, with rule: PathPrefix( / ) and your redirects, I don't know what should be shown.

Please note that you have not assigned resolvers for TLS to the routers. Also LE will not create certificates for localhost, so https with localhost will usually not work.

For more information, you should enable Traefik debug log and Traefik access log.

In the first post of this thread you can find my configuration.

https://localhost is the site's home page. If I type https://localhost the browser shouldn't redirect and show me the home page of the site.

script 1

      traefik.http.routers.reindirizzamento.rule: PathPrefix(`/`)
      traefik.http.routers.reindirizzamento.priority: 3
      traefik.http.routers.reindirizzamento.middlewares: rimanda1,rimanda2
      traefik.http.middlewares.rimanda1.redirectregex.regex: ^https://www.google.localhost/(.*)
      traefik.http.middlewares.rimanda1.redirectregex.replacement: https://www.google.it/$${1}
      traefik.http.middlewares.rimanda2.redirectregex.regex: ^https://www.bing.localhost/(.*)
      traefik.http.middlewares.rimanda2.redirectregex.replacement: https://www.bing.it/$${1}

traefik.log

{"level":"debug","msg":"Serving default certificate for request: \"localhost\"","time":"2022-12-19T14:01:03Z"}
{"level":"debug","msg":"http: TLS handshake error from 172.19.0.1:55754: remote error: tls: bad certificate","time":"2022-12-19T14:01:04Z"}
{"level":"debug","msg":"Serving default certificate for request: \"localhost\"","time":"2022-12-19T14:01:04Z"}
{"level":"debug","msg":"http: TLS handshake error from 172.19.0.1:55758: remote error: tls: bad certificate","time":"2022-12-19T14:01:04Z"}
{"level":"debug","msg":"Serving default certificate for request: \"localhost\"","time":"2022-12-19T14:01:07Z"}
{"level":"debug","msg":"Serving default certificate for request: \"google.localhost\"","time":"2022-12-19T14:01:19Z"}
{"level":"debug","msg":"http: TLS handshake error from 172.19.0.1:58008: remote error: tls: bad certificate","time":"2022-12-19T14:01:19Z"}
{"level":"debug","msg":"Serving default certificate for request: \"google.localhost\"","time":"2022-12-19T14:01:22Z"}

script 2

      traefik.http.routers.reindirizzamento.rule: PathPrefix(`/`)
      traefik.http.routers.reindirizzamento.priority: 3
      traefik.http.routers.reindirizzamento.middlewares: rimanda1,rimanda2
      traefik.http.middlewares.rimanda1.redirectregex.regex: ^https://www.google.localhost/(.*)
      traefik.http.middlewares.rimanda1.redirectregex.replacement: https://www.google.it/$${1}
      traefik.http.middlewares.rimanda1.redirectregex.scheme: 'https'
      traefik.http.middlewares.rimanda1.redirectregex.port: 443
      traefik.http.middlewares.rimanda1.redirectregex.permanent: 'true'
      traefik.http.middlewares.rimanda2.redirectregex.regex: ^https://www.bing.localhost/(.*)
      traefik.http.middlewares.rimanda2.redirectregex.replacement: https://www.bing.it/$${1}
      traefik.http.middlewares.rimanda2.redirectregex.scheme: 'https'
      traefik.http.middlewares.rimanda2.redirectregex.port: 443
      traefik.http.middlewares.rimanda2.redirectregex.permanent: 'true'

localhost

404 page not found

traefik.log

{"level":"debug","msg":"Serving default certificate for request: \"localhost\"","time":"2022-12-19T14:08:27Z"}
{"level":"debug","msg":"http: TLS handshake error from 172.19.0.1:42592: remote error: tls: bad certificate","time":"2022-12-19T14:08:27Z"}
{"level":"debug","msg":"Serving default certificate for request: \"localhost\"","time":"2022-12-19T14:08:31Z"}

I have updated the post, read above please.

You can not use localhost with LetsEncrypt certificates, therefore you can not use https://localhost. It will always show a TLS/SSL security error.

And if TLS is not working, you will not get to the http layer and you will not get a redirect.

So redirects can only be tested on real sites?
Of the many solutions I've tried, which one should I use on my real server?
Let's go back to the first question of the post: if some URL doesn't really exist, does the server stop working?

If you use TLS with LetsEncrypt, you can only test it on real sites, not localhost.

If you have an invalid Host in your rule, TLS creation will fail and not renew - for both.

traefik.http.routers.api.rule=Host(`example.com`) || Host(`invalid.example.com`)

In general I would recommend to spin up a small VM and test it with new sub-domains.

I am using a VM and it works great with localhost and any subdomain. I'm also using the self-signed certificates you see in my application's general code. Locally I should be able to write something.localhost and redirect to other.localhost. To go from http to https or from non-www to www I do this and it works great, even without a real certificate.

On the real server I will have something.site.abc and redirect from something.site.xyz to something.site.abc. When I delete the DNS of something.site.xyz from the provider I would like something.site.abc (end site) to keep working.

When you delete the DNS entry, you should delete the rule=Host( old ) part, too.

The regular lifetime of a LE certificate is 90 days, it will be validated once during creation. The renewal is usually done after 60 days, then the process starts again.

I solved it by creating a service with Apache and putting a .php file in the volume that performs the redirect. I don't know if it's the best way but Traefik's code I tried didn't work. Thanks for your help.