Error middleware cuts off query parameters?

Traefik Traefik v2 (latest)
, ,
1

Hi,
i have created a single page web app and i am currently learning traefik.
I would like to route all errors (especially 404) to my main-page, and handle them there.
Therefore, i have added a error middle were, like supposed in the docs, but it seems, that my query-parameter gets cut off. - "traefik.http.middlewares.error-pages-middleware.errors.query=/?error={status}" - So, i am ending up on my main-page, but i cannot display it there.
Does anyone have an idea, what i am doing wrong?
Following is my traefik config, and my nginx config (currenlty named cdn), which serves all of my static files.

I am not a pro in GO, but looking at the source, i think it should work, or is there any other place, which handles the query parameters?

version: "3.5"
services:
 traefik:
    image: "traefik:v2.3"
    restart: always
    command:
      - "--api"
      - "--accesslog"
      - "--log"
      - "--log.level=INFO"
      - "--api.insecure=false"
      - "--providers.consulCatalog.exposedbydefault=false"
      - "--providers.consulCatalog.endpoint.address=http://consul:8500"
      - "--providers.consulCatalog.prefix=traefik"
      - "--providers.consulCatalog.refreshInterval=1s"

      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.swarmmode"
      - "--providers.docker.watch=true"
      - "--metrics"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.email=${MAIL}"
      - "--certificatesresolvers.le.acme.storage=/certificates/acme.json"
      - "--certificatesresolvers.le.acme.tlschallenge=true"

      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entrypoints.websecure.http.middlewares=www-to-canonical@file"

      - "--entrypoints.websecure.http.tls=true"
      - "--entrypoints.websecure.http.tls.certResolver=le"
      - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}"
      - "--entrypoints.websecure.http.tls.domains[0].sans=www.${DOMAIN},prometheus.${DOMAIN},grafana.${DOMAIN},traefik.${DOMAIN},consul.${DOMAIN}"

      - "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
      - "--providers.file.watch=true"
    environment:
      - DOMAIN=${DOMAIN}
    ports:
      - "80:80"
      - "443:443"
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"

        - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=websecure"
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"

        - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
        - "traefik.http.middlewares.dashboard-auth.basicauth.users=${TRAEFIK_USERS}"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./deployment/traefik/certificates:/certificates"
      - "./deployment/traefik/conf/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml:ro"
    networks:
      - traefik

 cdn:
    image: 127.0.0.1:5000/web
    build:
      context: .
      dockerfile: web/Dockerfile
      args:
        - NODE_ENV=${NODE_ENV}
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.cdn-https.rule=Host(`${DOMAIN}`)&&Path(`/`,`/bundle.js`,`/bundle.css`)"
        - "traefik.http.routers.cdn-https.entrypoints=websecure"
        - "traefik.http.routers.cdn-https.service=cdn"
        - "traefik.http.routers.cdn-https.middlewares=cdn-auth"
        - "traefik.http.services.cdn.loadbalancer.server.port=80"

        - "traefik.http.middlewares.cdn-auth.basicauth.users=${CDN_USERS}"

        - "traefik.http.routers.error-router.rule=HostRegexp(`{host:.+}`)"
        - "traefik.http.routers.error-router.priority=1"
        - "traefik.http.routers.error-router.entrypoints=websecure"
        - "traefik.http.routers.error-router.middlewares=error-pages-middleware"
        - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
        - "traefik.http.middlewares.error-pages-middleware.errors.service=cdn"
        - "traefik.http.middlewares.error-pages-middleware.errors.query=/?error={status}"
    networks:
      - traefik
      
networks:
  traefik:
    external: true

dynamic-conf.yml
(used to forward "https://www.domain.xyz" to "https://domain.xyz"

http:
  routers:
    www-catchall:
      rule: Host(`www.{{env "DOMAIN"}}`)
      service: basic-redirect-service-stub
      entrypoints:
        - websecure
      middlewares:
        - www-to-nonwww
        
  middlewares:
    www-to-nonwww:
      redirectRegex:
        regex: https://(www\.(.*))
        replacement: https://${2}
        permanent: true

  services:
    basic-redirect-service-stub:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1"

Thanks in advance,
Mick

2

Hello @mick,

The query parameters from the proxied request is not copied over to the error page request, as it is replaced by the custom query configured in the error middleware.

If you think that this should be enhanced, please feel free to open an issue on our github page.

3

Hi Daniel,
thank you for your answer.
I am not quiet sure, if we are talking of the same thing. Sorry, if i am wrong.

Replacing my request with the query of the error middleware is exactly what i want, but instead of forwarding to e.g. domain.xyz/{status}.html i would like to get forwarded to domain.xyz/?error={status} (so always the same page, but the error-code from the middleware should be there as query parameter).

Therefore, i configured my middleware like this: ...middleware.errors.query=/?error={status}, but the page i end up is always just domain.xzy/, so the query parameters, configured in the middleware, are missing.

4

Hello @mick,

Sorry I may have misunderstood.

Can you check the dashboard and see if the query configured for the middleware is being loaded properly?

I'm wondering if there is a possible parsing error.

Also, can you enable the debug log and see if the error request is being logged with the query parameters and what they are?

5

here is my dashboard, query seems good, i think - there aren't also no errors anywhere

image
image1326×782 25.5 KB

here is my log, i can see there \"RawQuery\":\"error=404\", but shouln't it be \"RawQuery\":\"?error=404\"

could it be, that it is related to this issue on github?


{"ForwardURL":{"Scheme":"http","Opaque":"","User":null,"Host":"XX.X.XX.XXX:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":{},\"Host\":\"\",\"Path\":\"/test1234\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"domain.xyz\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"XX.XXX.XXX.XX:38058\",\"RequestURI\":\"/test1234\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: Forwarding this request to URL","time":"2021-07-12T21:38:00Z"}

{"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":{},\"Host\":\"\",\"Path\":\"/test1234\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"domain.xyz\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"XX.XXX.XXX.XX:38058\",\"RequestURI\":\"/test1234\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: completed ServeHttp on request","time":"2021-07-12T21:38:00Z"}

{"level":"debug","middlewareName":"error-pages-middleware@docker","middlewareType":"customError","msg":"Caught HTTP Status Code 404, returning error page","time":"2021-07-12T21:38:00Z"}

{"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"http\",\"Opaque\":\"\",\"User\":null,\"Host\":\"0.0.0.0\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"error=404\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"0.0.0.0\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"\",\"RequestURI\":\"/?error=404\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: begin ServeHttp on request","time":"2021-07-12T21:38:00Z"}

{"ForwardURL":{"Scheme":"http","Opaque":"","User":null,"Host":"XX.X.XX.XXX:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"http\",\"Opaque\":\"\",\"User\":null,\"Host\":\"0.0.0.0\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"error=404\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"0.0.0.0\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"\",\"RequestURI\":\"/?error=404\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: Forwarding this request to URL","time":"2021-07-12T21:38:00Z"}

{"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"http\",\"Opaque\":\"\",\"User\":null,\"Host\":\"0.0.0.0\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"error=404\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"0.0.0.0\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"\",\"RequestURI\":\"/?error=404\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: completed ServeHttp on request","time":"2021-07-12T21:38:00Z"}

XX.XXX.XXX.XX - user [12/Jul/2021:21:38:00 +0000] "GET /test1234 HTTP/2.0" 404 3751 "-" "-" 88 "error-router@docker" "http://XX.X.XX.XXX:80" 11ms

{"level":"debug","middlewareName":"cdn-auth@docker","middlewareType":"BasicAuth","msg":"Authentication succeeded","time":"2021-07-12T21:38:00Z"}

{"Request":"{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":{},\"Host\":\"\",\"Path\":\"/style.css\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/css,*/*;q=0.1\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en-US;q=0.9,en;q=0.8\"],\"Authorization\":[\"Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29"],\"Cache-Control\":[\"no-cache\"],\"Pragma\":[\"no-cache\"],\"Referer\":[\"https://domain.xyz/test1234\"],\"Sec-Ch-Ua\":[\"\\\"Chromium\\\";v=\\\"91\\\", \\\" Not;A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"style\"],\"Sec-Fetch-Mode\":[\"no-cors\"],\"Sec-Fetch-Site\":[\"same-origin\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\"],\"X-Forwarded-Host\":[\"domain.xyz\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"7f4b3e8d3bf2\"],\"X-Real-Ip\":[\"XX.XXX.XXX.XX\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"domain.xyz\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"XX.XXX.XXX.XX:38058\",\"RequestURI\":\"/style.css\",\"TLS\":null}","level":"debug","msg":"vulcand/oxy/roundrobin/rr: begin ServeHttp on request","time":"2021-07-12T21:38:00Z"}
6

Hello @mick,

From the 5th line of your debug log there, it does show the raw (unparsed) query to be error=404, but this is (from what I can tell) correct. Later on in the line, it shows the RequestURI to be: "RequestURI\":\"/?error=404\" which is what should be sent to your server (/?error=404).

I'm not sure why your server isn't registering the query.

7

ah okay, i have not seen this - thank you for your help anyways.
just one question, i have checked, what is happening, when i use curl with an invalid url,
shouldn't there be another "301 Moved Permanently" to redirect to the error page?

My conclusion seeing this is, that the routing is just done internally, without notifying the client? So, the client does not get redirected, its just done one the server, right?
Currently, i have a set of translated error-messages, which i want to display just on the client, depending on the query parameter. Therefore, i am using this feature completely wrong, am i right?

[mick@mick-manjaro ~]$ curl --user user:XXXXXX  domain.xyz/test1234 -L -v
*   Trying XXX.XXX.XXX.XX:80...
* Connected to domain.xyz (XXX.XXX.XXX.XX) port 80 (#0)
* Server auth using Basic with user 'user'
> GET /test1234 HTTP/1.1
> Host: domain.xyz
> Authorization: Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29
> User-Agent: curl/7.77.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://domain.xyz/test1234
< Date: Mon, 12 Jul 2021 22:37:25 GMT
< Content-Length: 17
< Content-Type: text/plain; charset=utf-8
< 
* Ignoring the response-body
* Connection #0 to host domain.xyz left intact
* Issue another request to this URL: 'https://domain.xyz/test1234'
*   Trying XXX.XXX.XXX.XX:443...
* Connected to domain.xyz (XXX.XXX.XXX.XX) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=domain.xyz
*  start date: Jul 11 14:22:10 2021 GMT
*  expire date: Oct  9 14:22:09 2021 GMT
*  subjectAltName: host "domain.xyz" matched cert's "domain.xyz"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'user'
* Using Stream ID: 1 (easy handle 0x55c768466180)
> GET /test1234 HTTP/2
> Host: domain.xyz
> authorization: Basic T5EwBFH2nhJJqVfZyVy55XrZyXXRfH29
> user-agent: curl/7.77.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 404 
< accept-ranges: bytes
< content-type: text/html
< date: Mon, 12 Jul 2021 22:37:25 GMT
< etag: "60ecc051-ea7"
< last-modified: Mon, 12 Jul 2021 22:21:05 GMT
< server: nginx/1.20.1
< content-length: 3751
< 
  <<<< website content here >>>

EDIT:
yes, i am stupid, this is my nginx log, and there is also the ?errror=404
Is there any way to archive the redirect, without obfuscating the status code?

Sorry for my stupidity.

XX.X.XX.XXX - user [12/Jul/2021:22:59:30 +0000] "GET /?error=404 HTTP/1.1" 200 3751 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" "-"
8

@mick,

This is correct. Traefik just sends a request to your error server, and substitutes that response into the body of the main request. Note that you can use query matchers on your router to specify which error page to display, such as:

Query(`language=en`)

Then that router will only match with the language query, and therefore you can have an error page that has a custom query of /?error={status}&language=en query.

That sort of configuration may give you the flexibility you are looking for.

1 Like
9

i guess, i have to rework my error-concept.
thanks a lot for the clarification.

10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.