Good day,
I have applied a global HTTP -> HTTPS redirection using this approach and it works fine. Additionally, I would like to add global www -> non-www redirection, which gets applied to any route.
If I try this configuration, the www -> non-www redirection does not work. However, if I try to apply the redirect middleware directly within a Docker service:
it does work. But still, this approach is not global.
First thing that occurred to me is the fact that the redirect-to-nonwww router gets a lower priority than any other application router because its rule is simply shorter. I tried setting the priority:
@Dan42 hi, no.
I still plug in the redirect middleware explicitly to every service I want the redirect for. Still hoping for someone from the dev team shedding some light here.
@ldez Thank you for this, someone came up with this workaround:
```yaml
# Global http to https redirect
traefik.http.routers.http-catchall.rule: "hostregexp(`{host:.+}`)"
traefik.http.routers.http-catchall.entrypoints: web
traefik.http.routers.http-catchall.middlewares: redirect-to-https
```
On a side note, I noticed you created a posting on GitHub regarding (or someone did) and I didn't notice the CLI version on there. Should it be on there as well to make sure if they use it they post up both versions, does it not make a difference or did I just completely miss it (highly likely)?
Note: the redirections are made by routers, the routers are a part of the dynamic configuration, so a CLI flags version is not possible because flags handle the static configuration.
This is what I'm looking for as I have spent countless hours trying to figure out how to do the www to http redirect to no avail... EXCEPT... I can't get it to work. I'm close but having Let's Encrypt issues (at least that's what I think my issue is).
Not sure why when I enter https://www... it doesn't work. I'm assuming it's trying to check the certificate before it does a redirect (URL remains at https://www.traefik-whoami.creativesandbox.dev). Same result in both Safari and Firefox though warnings are worded differently.
I tried adding an extra rule to the whoami service so that it read "Host(traefik-whoami.creativesandbox.dev) || Host(https://www.traefik-whoami.creativesandbox.dev)" but that didn't make any difference... and now I'm out of ideas.
Maybe I'm searching for the wrong things but all my searches for www to non-www have not helped me (until you came along with this).
Thanks for all the work so far, here's hoping you can help with this last little bit. Current code below:
```yaml
# Based on https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d
# Global redirection incl. www to https [Global redirect www to non-www with HTTPS redirection](https://community.containo.us/t/global-redirect-www-to-non-www-with-https-redirection/2313/9?u=mindgonemad)
# Swarm Mode [How to install Traefik 2.x on a Docker Swarm](https://creekorful.me/how-to-install-traefik-2-docker-swarm/)
version: "3.7"
services:
  traefik:
    image: traefik:2.0.2
    networks:
      - traefik-public
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker.exposedbydefault=false
      # Swarm
      - --providers.docker.swarmMode=true
      # Enables web UI and tells Traefik to listen to docker
      - --providers.docker
      - --api
      # Let's Encrypt
      - --certificatesresolvers.leresolver.acme.email=myemail@email.com
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      # Logging
      - --log.level=DEBUG # DEBUG, ERROR, INFO???
      - --log.filePath=/traefik.log
      - --log.format=json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./letsencrypt:/letsencrypt
      - ./logs/traefik.log:/traefik.log
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        traefik.enable: "true"
        # Dashboard
        traefik.http.routers.traefik.rule: "Host(`traefik.creativesandbox.dev`)"
        traefik.http.routers.traefik.service: api@internal
        traefik.http.routers.traefik.tls.certresolver: leresolver
        traefik.http.routers.traefik.entrypoints: websecure
        traefik.http.routers.traefik.middlewares: auth-traefik
        # Swarm Mode
        traefik.http.services.traefik.loadbalancer.server.port: 80
        # Basic Auth
        traefik.http.middlewares.auth-traefik.basicauth.users: "user:reallylongcodegoeshere"
        # Global redirection - http to https
        traefik.http.routers.http-catchall.rule: "hostregexp(`{host:(www\\.)?.+}`)"
        traefik.http.routers.http-catchall.entrypoints: web
        traefik.http.routers.http-catchall.middlewares: redirect-to-https
        # Global redirection - https://www to https
        traefik.http.routers.https-catchall.rule: "hostregexp(`{host:(www\\.).+}`)"
        traefik.http.routers.https-catchall.entrypoints: websecure
        traefik.http.routers.https-catchall.tls: "true"
        traefik.http.routers.https-catchall.middlewares: redirect-to-https
        # Middleware redirection
        traefik.http.middlewares.redirect-to-https.redirectregex.regex: "^https?://(?:www\\.)?(.+)"
        traefik.http.middlewares.redirect-to-https.redirectregex.replacement: "https://$${1}"
        traefik.http.middlewares.redirect-to-https.redirectregex.permanent: "true"
        #traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
  whoami:
    image: containous/whoami:v1.3.0
    networks:
      - traefik-public
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.whoami.rule: "Host(`traefik-whoami.creativesandbox.dev`)"
        traefik.http.routers.whoami.middlewares: auth-whoami
        traefik.http.routers.whoami.entrypoints: websecure
        traefik.http.routers.whoami.tls: "true"
        traefik.http.routers.whoami.tls.certresolver: leresolver
        # Swarm Mode
        traefik.http.services.whoami.loadbalancer.server.port: 80
        # Basic Auth
        traefik.http.middlewares.auth-whoami.basicauth.users: "user:reallylongcodegoeshere"
networks:
  traefik-public:
    external: true
```
You need to make sure that the cert matches all the domains HTTPS connections can come to. I do not see you configuring any SANs so that could be the reason.
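The point about certificate names, worked through as an added example (not part of the thread and not Traefik's own code): it applies the `redirect-to-https` regex from the compose file with Go's `regexp`, after first checking the requested host against the certificate's SAN list the way a TLS client does. The `outcome` function and the two SAN lists are constructed for illustration, and "served" simply means the regex leaves the URL unchanged.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net/url"
	"regexp"
)

// Regex and replacement from the redirect-to-https middleware labels
// ("$${1}" in the compose file becomes "${1}" once Compose unescapes it).
var redirectRe = regexp.MustCompile(`^https?://(?:www\.)?(.+)`)

const replacement = "https://${1}"

// outcome is a hypothetical helper: it reports what a client sees for rawURL
// when the proxy presents a certificate whose SAN list is sans.
func outcome(rawURL string, sans []string) string {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "invalid URL"
	}
	// On HTTPS the handshake comes first: the client sends no HTTP request,
	// so no redirect can be returned, until it accepts the certificate.
	if u.Scheme == "https" {
		cert := &x509.Certificate{DNSNames: sans} // constructed, SANs only
		if cert.VerifyHostname(u.Hostname()) != nil {
			return "certificate error for " + u.Hostname()
		}
	}
	target := redirectRe.ReplaceAllString(rawURL, replacement)
	if target == rawURL {
		return "served" // already the canonical https, non-www URL
	}
	return "redirect to " + target
}

func main() {
	apexOnly := []string{"traefik-whoami.creativesandbox.dev"}
	both := append([]string{"www.traefik-whoami.creativesandbox.dev"}, apexOnly...)
	for _, u := range []string{
		"http://www.traefik-whoami.creativesandbox.dev/",
		"https://www.traefik-whoami.creativesandbox.dev/",
		"https://traefik-whoami.creativesandbox.dev/",
	} {
		fmt.Printf("%s\n  apex-only cert: %s\n  apex+www cert:  %s\n",
			u, outcome(u, apexOnly), outcome(u, both))
	}
}
```

With the apex-only certificate, only the `https://www` request fails, which matches the symptom described above: the plain-HTTP redirect works because no certificate is involved.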
I'll be honest, I'm struggling to wrap my head around this. So far I have done everything using CLI (labels) but I only see examples for SAN using yaml or toml files? Does this mean I need to create one of those now? And/or do I need to switch back to DNS challenge instead of TLS because I must say the DNS challenge was a pain in the proverbial as every time I created a service I had to wait for it to propagate (and remember too)?
CLI and labels are not the same. CLI refers to the static configuration and labels refer to the dynamic one; these are not to be mixed. I'm assuming you don't actually mean CLI, but labels.
I experienced the same problem: https://www.domain.tld was not redirected to https://domain.tld. The other two global redirects worked.
In my case I could solve it by adding the wwwtohttps middleware to the whoami container as well: