Hi everyone, using Traefik 2.9.0 rc3, I'm facing an issue redirecting HTTP to HTTPS with certificates. I'm not using the Docker installation of Traefik, but an installation with binaries. There are a lot of issues reported with Docker, but I cannot find any help for a non-Docker installation.
Traefik is started as a Debian service (systemd) and all Traefik soft is in /etc/traefik with services and certs subfolders. In order to test and avoid any credentials issues, everything is chmod 777.
It's a very simple load balancer test: when reaching port 80 of the Traefik server, the client should be redirected to HTTPS (this seems OK, Chrome shows that the self-signed certificate is not safe), then be redirected to one of the 2 HTTP servers that are behind the load balancer. This step fails with error 404.
Please note that without HTTPS redirection set in the configs, the load balancing is working well.
Routes seem OK in the dashboard.
Here is the static config file (YAML):
accesslog: true
api:
  dashboard: true
  debug: true
  insecure: true
log:
  level: DEBUG
  filepath: "/var/log/traefik/traefik.log"
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "websecure"
          scheme: "https"
  websecure:
    address: ":443"
providers:
  file:
    directory: "/etc/traefik/services/"
    watch: true
I have 2 services files in the service folder, one for routing and one for TLS:
router.yaml
http:
  routers:
    ldb1_route:
      entryPoints:
        - "web"
        - "websecure"
      service: ldb1_service
      rule: "Path(`/`)"
      middlewares:
        - "redirect_https"
  middlewares:
    redirect_https:
      redirectScheme:
        scheme: "https"
        permanent: true
        port: 443
  services:
    ldb1_service:
      loadBalancer:
        servers:
          - url: "http://192.168.1.99:8081"
          - url: "http://192.168.1.99:8082"
tls.yaml
tls:
  certificates:
    - certFile: "/etc/traefik/certs/cert.pem"
      keyFile: "/etc/traefik/certs/key.pem"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/etc/traefik/certs/cert.pem"
        keyFile: "/etc/traefik/certs/key.pem"
The cert files have been generated using the command below:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes
Here are the logs in /var/logs:
time="2022-09-22T10:55:55+02:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"ldb1_route\":{\"entryPoints\":[\"web\",\"websecure\"],\"middlewares\":[\"redirect_https\"],\"service\":\"ldb1_service\",\"rule\":\"Path(`/`)\"}},\"services\":{\"ldb1_service\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.99:8081\"},{\"url\":\"http://192.168.1.99:8082\"}],\"passHostHeader\":true}}},\"middlewares\":{\"redirect_https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}}},\"tcp\":{},\"udp\":{},\"tls\":{\"stores\":{\"default\":{}}}}" providerName=file
time="2022-09-22T10:55:55+02:00" level=debug msg="Skipping unchanged configuration." providerName=file
time="2022-09-22T10:57:33+02:00" level=debug msg="http: TLS handshake error from 192.168.1.17:64076: remote error: tls: unknown certificate"
time="2022-09-22T10:57:33+02:00" level=debug msg="Serving default certificate for request: \"\""
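An added example, not part of the original post: in Traefik v2 a router with no `tls` section only matches plain-HTTP requests, so HTTPS requests arriving on a TLS entry point find no router and get a 404. The Python check below reads "Configuration received" debug lines like the one above and lists routers attached to a TLS entry point without a `tls` section; the entry point name `websecure` comes from the post, while the function names and the abbreviated sample line are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample: abbreviated form of the "Configuration received" debug line in the post.
SAMPLE_LOG = r'''time="2022-09-22T10:55:55+02:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"ldb1_route\":{\"entryPoints\":[\"web\",\"websecure\"],\"middlewares\":[\"redirect_https\"],\"service\":\"ldb1_service\",\"rule\":\"Path(`/`)\"}}},\"tls\":{\"stores\":{\"default\":{}}}}" providerName=file'''

MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')  # quoted msg field, allowing \" inside
PREFIX = "Configuration received: "


def logged_config(line):
    """Return the dynamic configuration embedded in a debug log line, or None."""
    match = MSG_RE.search(line)
    if not match:
        return None
    msg = json.loads('"' + match.group(1) + '"')  # undo the \" escaping of the log field
    if not msg.startswith(PREFIX):
        return None
    return json.loads(msg[len(PREFIX):])


def routers_without_tls(config, tls_entrypoints=("websecure",)):
    """List (router, entry point) pairs bound to a TLS entry point but lacking `tls`."""
    findings = []
    for name, router in config.get("http", {}).get("routers", {}).items():
        if "tls" in router:
            continue  # router is dedicated to HTTPS, nothing to report
        for entrypoint in router.get("entryPoints", []):
            if entrypoint in tls_entrypoints:
                findings.append((name, entrypoint))
    return findings


def audit(lines):
    """Run the check over every log line that carries a configuration."""
    findings = []
    for line in lines:
        config = logged_config(line)
        if config is not None:
            findings.extend(routers_without_tls(config))
    return findings


if __name__ == "__main__":
    for name, entrypoint in audit([SAMPLE_LOG]):
        print(f"router {name!r} on {entrypoint!r} has no tls section; HTTPS requests will not match it")
```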