Getting error 'redirected you too many times' for top level domain .app top level domain but if used with subdomain working

Traefik Traefik v2 (latest)
1

I have been trying to get the Traefik work for xyz.app domain and I have been getting 'redirected you too many times' error if I try it with a subdomain 'test.xyz.app' it works. Can anyone help me understand what I am doing wrong?

I am using cloudflare for dns and domain is bought from ionos.

I am using traefik v2.0.

Service Docker-Compose:

version: "3"
services:
  test-app:
    build: .
    volumes:
      - ./:/test
      - /test/node_modules
      - ../../../test/:test
    restart: unless-stopped
    command: pm2 start server.js --no-daemon
    networks:
      - web

    labels:
      - "traefik.http.routers.test-app-primary.rule=Host(`xyz.app`)"
      - "traefik.http.routers.test-app-secondary.rule=Host(`test.domain.com`)"
      - "traefik.docker.network=web"
      - "traefik.http.routers.test-app.entrypoints=websecure"
      - "traefik.http.routers.test-app.tls.certresolver=myhttpchallenge"
      - traefik.http.services.test-app.loadbalancer.server.port=3002
networks:
  web:
    external: true

Traefik Docker_Compose

version: "3"

services:
  reverse-proxy:
    container_name: traefik
    # The official v2.0 Traefik docker image
    image: traefik:v2.0
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - "--api=true"
      - "--api.dashboard=true"
      # - --api.insecure=true
      - --log.level=ERROR
      - --providers.docker
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myhttpchallenge.acme.email=sddf@sadasd.com
      - "--certificatesresolvers.myhttpchallenge.acme.storage=/acme.json"
    networks:
      - web
    ports:
      # The HTTP port
      - "443:443"
      - "80:80"
  
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme.json:/acme.json
    labels:
      - "traefik.http.routers.catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.catchall.entrypoints=web"
      - "traefik.http.routers.catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
      - "traefik.http.routers.traefik.entrypoints=websecure"

networks:
  web:
    external: true

Cloudflare Details

dns
dns1045×298 19.2 KB

ssl
ssl1029×435 22.8 KB

edge-cert
edge-cert1064×2367 181 KB

2

I remember seeing another redirect thread involving cloudflare. I cannot find it with a cursory search though.

3

This is a blocker please help

4

@ldez please can you help

5

Hello,

Take a look to the following files:

version: '3.7'

services:
  reverse-proxy:
    container_name: traefik
    image: traefik:v2.2
    command:
      - --api=true
      # - --api.insecure=true
      - --log.level=INFO
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=leresolver
      - --certificatesresolvers.leresolver.acme.httpchallenge=true
      - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
      #- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=sddf@sadasd.com
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
    networks:
      - web
    ports:
      - 443:443
      - 80:80
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme.json:/acme.json
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: auth
      traefik.http.routers.traefik.entrypoints: websecure

networks:
  web:
    external: true

version: '3.7'
services:
  test-app:
    build: .
    volumes:
      - ./:/test
      - /test/node_modules
      - ../../../test/:test
    restart: unless-stopped
    command: pm2 start server.js --no-daemon
    networks:
      - web
    labels:
      traefik.enable: true
      traefik.docker.network: web
      traefik.http.routers.test-app.rule: Host(`xyz.app`) || Host(`test.domain.com`)
      traefik.http.routers.test-app.entrypoints: websecure
      traefik.http.services.test-svc.loadbalancer.server.port: 3002
networks:
  web:
    external: true

As Traefik handle the TLS and the redirection, I don't think that you need to define it in Cloudflare.