Hello knowledgeable people,
I'm writing this post after many tries, much time spent reading similar posts, to no avail.
I'm really sorry if this has been talked about many times, but I can't seem to pinpoint the problem with my configuration.
I'm trying to set up a router that will redirect all HTTP traffic to HTTPS. The use case for Traefik is to put a proxy in front of a Tactical RMM Docker installation.
I can't get the containers to start. I'm getting this error: `command traefik error: field not found, node: redirect-to-https`
Here are all my configuration files, as well as the docker-compose.yml:
docker-compose.yml
version: '3.7'
services:
# =============================================================
#
# TRAEFIK - reverse proxy
#
# =============================================================
reverse-proxy:
# NOTE(review): `latest` is a floating tag, so the Traefik version (and with it
# the accepted configuration syntax) can change on the next pull. Pin a
# specific version tag.
image: traefik:latest
command:
# DEBUG logging is useful while troubleshooting; lower it afterwards, since
# debug logs are verbose and may include request details.
- --log.level=DEBUG
# NOTE(review): Traefik documents its static-configuration sources (file, CLI
# flags, environment variables) as mutually exclusive. Confirm whether the
# flags below are still honoured once --configFile is set.
- --configFile=/FileProvider/traefik.toml
# NOTE(review): this path is relative (`FileProvider/`) while the volume is
# mounted at /FileProvider; presumably the same directory, confirm. If so, the
# static file traefik.toml sits inside the directory the file provider loads
# as dynamic configuration.
- --providers.file.directory=FileProvider/
- --providers.file.watch=true
- --certificatesresolvers.certificato.acme.dnschallenge=true
env_file:
- .env
# NOTE(review): the DNS-provider credentials are passed as plain environment
# variables, so they can be read with `docker inspect` by anyone with Docker
# access on the host. Keep .env out of version control and restrict its
# file permissions.
environment:
- DYN_CUSTOMER_NAME=${DYN_CUSTOMER_NAME}
- DYN_USER_NAME=${DYN_USER_NAME}
- DYN_PASSWORD=${DYN_PASSWORD}
container_name: traefik
# NOTE(review): in this list form everything after `=` is the label value,
# including the space and the double quotes, so the value below is ` "true"`
# and not true. The whoami service's labels have neither a space nor quotes.
labels:
- traefik.enable= "true"
# No `middlewares` label attaches redirect-to-https to http-catchall, and the
# router has no service; the middleware defined further down is never used by it.
- traefik.http.routers.http-catchall.entrypoints= "web-insecure"
- traefik.http.routers.http-catchall.rule= "HostRegexp(`{host:.+}`)"
# NOTE(review): traefik-rtr publishes api@internal (dashboard and API) with no
# authentication middleware attached. traefik.toml defines a basicAuth
# middleware named `auth`, but nothing shown here references it.
- traefik.http.routers.traefik-rtr.tls= "true"
- traefik.http.routers.traefik-rtr.entrypoints= "web-secure"
- traefik.http.routers.traefik-rtr.service= "api@internal"
- traefik.http.routers.traefik-rtr.rule= "Host(`traefik.${DOMAIN}`)"
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme= "https"
# Only 80 and 443 are published. The tcp-nats entrypoint (:4222) declared in
# traefik.toml is not reachable from outside the container unless it is
# published as well.
ports:
- 80:80
- 443:443
volumes:
# NOTE(review): the Docker socket is mounted read-write. Access to the Docker
# API is effectively root on the host; consider a read-only mount or a socket
# proxy that exposes only the calls Traefik needs.
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
# acme.json holds the ACME account key and certificate private keys; Traefik
# expects it to be mode 600.
- /var/traefik/acme.json:/acme.json:rw
- /var/traefik/FileProvider/:/FileProvider
- /var/traefik/traefik.log:/traefik.log:rw
restart: unless-stopped
# =============================================================
#
# WHOAMI - test webserver
#
# =============================================================
# Test backend routed through the web-secure entrypoint with a certificate
# from the `certificato` resolver.
whoami:
image: containous/whoami
container_name: whoami
labels:
- traefik.enable=true
- traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
- traefik.http.routers.whoami.entrypoints=web-secure
- traefik.http.routers.whoami.tls.certresolver=certificato
# NOTE(review): the value starts with a bare dot (`.${DOMAIN}`); presumably a
# wildcard (`*.${DOMAIN}`) or the plain domain was intended. Confirm, since
# this name is what gets requested from the ACME server.
- traefik.http.routers.whoami.tls.domains[0].main=.${DOMAIN}
configuration file for traefik : traefik.toml
################################################################
# >>>>>>>>>>> providers! ԅ(≖‿≖ԅ) #
################################################################
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# Containers are only routed when they carry an explicit traefik.enable label.
exposedbydefault = false
# NOTE(review): TOML has no variable interpolation, so this is the literal
# text ${DOMAIN}. Compose expands ${DOMAIN} only inside docker-compose.yml.
defaultRule = "Host(`${DOMAIN}`)"
[api]
# NOTE(review): debug = true turns on additional debug endpoints of the API;
# presumably only wanted while troubleshooting. Together with dashboard = true
# this makes the router for api@internal worth protecting with authentication.
debug = true
dashboard = true
################################################################
# >>>>>>>>>>> entrypoints! (҂◡_◡) #
################################################################
[entrypoints.web-insecure]
address = ":80"
# NOTE(review): the reported error "field not found, node: redirect-to-https"
# names exactly this table. Under entryPoints.<name>.http Traefik v2 has a
# `redirections` field (http.redirections.entryPoint with to/scheme/permanent);
# a middleware name such as redirect-to-https is not a field there.
[entrypoints.web-insecure.http.redirect-to-https]
[entrypoints.web-insecure.http.redirect-to-https.entryPoint]
to = "web-secure"
scheme = "https"
permanent = true
#----#
# Plain TCP entrypoint for NATS. Port 4222 is not in the `ports:` list of
# docker-compose.yml.
[entrypoints.tcp-nats]
address = ":4222"
#----#
[entrypoints.web-secure]
address = ":443"
# Default TLS settings for every router on web-secure: one certificate request
# covering the main domain and the listed SANs.
# NOTE(review): no certResolver is set in this tls table; confirm which
# resolver is meant to issue this certificate.
[entrypoints.web-secure.http.tls]
[[entrypoints.web-secure.http.tls.domains]]
main = "srv.xxx.com"
sans = ["traefik.srv.xxx.com",
"rmm.srv.xxx.com",
"mesh.srv.xxx.com",
"api.srv.xxx.com"]
################################################################
# >>>>>>>>>>> routers! for dashboard!! (⩾﹏⩽) #
################################################################
# NOTE(review): http.routers / http.middlewares / http.services are dynamic
# configuration in Traefik v2, while this file is loaded through --configFile
# as static configuration. Presumably these tables belong in a separate
# file-provider file; confirm.
[http]
[http.routers]
# Dashboard/API router.
# NOTE(review): no `middlewares` key is set here, so the dashboard and API are
# served without authentication even though a basicAuth middleware named
# `auth` is defined below.
[http.routers.traefik-rtr]
entrypoints = [ "web-secure" ]
service = "api@internal"
rule = "Host(`traefik.srv.xxx.com`) && ( PathPrefix(`/api`) || PathPrefix(`/dashboard`) )"
[http.routers.traefik-rtr.tls]
# NOTE(review): this table is named `domain`, while every other tls block on
# the page uses `domains`; looks like a typo.
[[http.routers.traefik-rtr.tls.domain]]
main = "traefik.srv.xxx.com"
#----#
# Catch-all on port 80 that hands every request to the redirect middleware;
# the `nope` service is a placeholder target.
[http.routers.http-catchall]
entryPoints = ["web-insecure"]
middlewares = ["redirect-to-https"]
# NOTE(review): the closing parenthesis of HostRegexp( ... ) is missing.
rule = "HostRegexp(`{host:.+}`"
service = "nope"
################################################################
# >>>>>>>>>>> middlewares! ᕦ(ò_óˇ)ᕤ #
################################################################
# NOTE(review): `middleware` (singular) is an empty table and differs from the
# `middlewares` key used on the following lines; looks like a typo.
[http.middleware]
# Basic-auth middleware. No router shown on this page references `auth`.
# NOTE(review): this hash is now public together with the partly redacted user
# name, so treat the password as exposed and rotate it. `$2y$05$` is a bcrypt
# cost of 5, which is low; regenerate the entry with a higher cost.
[http.middlewares.auth.basicAuth]
users = ["welxxx:$2y$05$zJ5ip36xlUw.agQisUKyeONz08yubBScFQpRjLOeND13s9NXQkYzq"]
#----#
# Redirects any request to the https scheme.
[http.middlewares.redirect-to-https.redirectScheme]
scheme = "https"
#----#
# Strips a leading www. from https URLs.
# NOTE(review): the dots in `www.` and `.?` are unescaped and match any
# character, and the pattern is not anchored, so it accepts more than a
# literal "https://www." prefix. Presumably `^https://www\.(.+)` was meant.
[http.middlewares.remove-www-redirect.redirectregex]
regex = "https://www.([a-zA-Z0-9.]+.?)+"
replacement = "https://${1}"
permanent = true
################################################################
# >>>>>>>>>>> services! (u_u) #
################################################################
[http.services]
[http.services.nope.loadBalancer]
# Placeholder backend for the http-catchall router.
# NOTE(review): `servers` is declared here as a single table ([...]), while
# the other files on this page declare it as an array of tables ([[...]]).
# Confirm which form the Traefik version in use expects.
[http.services.nope.loadBalancer.servers]
url = "http://127.0.0.1"
################################################################
# >>>>>>>>>>> AUTO SSL PLEASE WORK! #
################################################################
# ACME resolver `certificato`, using the Let's Encrypt production directory.
# NOTE(review): TOML keys are case-sensitive, so `certificatesresolvers` here
# and `certificatesResolvers` below are two different tables at the TOML
# level. Use one spelling, or confirm that Traefik merges them.
[certificatesresolvers.certificato.acme]
email = "welxxx@xxx.com"
# NOTE(review): relative path, while the compose file mounts the store at
# /acme.json. Presumably the same file if the working directory is /; an
# absolute path removes the doubt. The file holds private keys.
storage = "acme.json"
caServer = "https://acme-v02.api.letsencrypt.org/directory"
# DNS-01 challenge through the `dyn` provider; its credentials come from the
# DYN_* environment variables set in docker-compose.yml.
[certificatesResolvers.certificato.acme.dnsChallenge]
provider = "dyn"
delayBeforeCheck = 0
# NOTE(review): given as a single string; the Traefik documentation shows
# `resolvers` as a list of "host:port" strings. Confirm the expected type.
resolvers = "8.8.8.8:53"
configuration file for Meshcentral : app-mesh.toml
################################################################
# >>>>>>>>>>>>>> routers FOR MESH !!! (っ▀¯▀)つ #
################################################################
# Routes https://mesh.srv.xxx.com on web-secure to the `mesh` service, with a
# certificate from the `certificato` resolver.
[http.routers]
[http.routers.mesh]
entrypoints = ["web-secure"]
rule = "Host(`mesh.srv.xxx.com`)"
service = "mesh"
[http.routers.mesh.tls]
certResolver = "certificato"
################################################################
# >>>>>>>>>>>>> services FOR MESH !!! (っ▀¯▀)つ #
################################################################
[http.services]
[http.services.mesh]
[http.services.mesh.loadBalancer]
passHostHeader = true
# NOTE(review): the backend URL is the same host name, on the default HTTPS
# port, that the router above matches. If that name resolves to this Traefik
# instance the request loops back to the proxy; presumably an internal address
# or container name was intended. Confirm.
[[http.services.mesh.loadBalancer.servers]]
url = "https://mesh.srv.xxx.com"
configuration file for mesh agent : app-meshagent.toml
################################################################
# >>>>>>> routers !! for mesh agent !! ฅ^-ﻌ-^ฅ #
################################################################
# Router for the MeshCentral agent and relay websocket paths.
# NOTE(review): the PathPrefix(...) list in the rule below ends with a
# trailing comma before the closing parenthesis; confirm that the rule parser
# accepts it.
# NOTE(review): the rule also matches on X-Forwarded-Proto, a request header
# that the client or an upstream proxy supplies. Confirm who sets it before
# relying on it for routing.
[http.routers]
[http.routers.meshcentral]
entryPoints = ["web-secure"]
rule = """Host(`mesh.srv.xxx.com`) &&
PathPrefix( `/agent.ashx`, `/meshrelay.ashx`, ) &&
Headers(`X-Forwarded-Proto`, `wss`) """
service = "meshcentral"
[http.routers.meshcentral.tls]
certResolver = "certificato"
################################################################
# >>>>>>> services !! for mesh agent !! ฅ^-ﻌ-^ฅ #
################################################################
[http.services]
[http.services.meshcentral]
[http.services.meshcentral.loadBalancer]
passHostHeader = true
# Backend on port 4443 of the same host name that the router matches.
[[http.services.meshcentral.loadBalancer.servers]]
url = "https://mesh.srv.xxx.com:4443"
configuration file for nats : app-nats.toml
################################################################
# Routers FOR NATS API !!! #
################################################################
# TCP router that forwards everything arriving on the tcp-nats entrypoint.
# NOTE(review): HostSNI(`*`) matches every connection, and the router has no
# tls section, so Traefik passes the stream through unmodified. Transport
# security then depends entirely on the NATS server; confirm that it enforces
# TLS and authentication.
[tcp.routers.nats-api]
entryPoints = [ "tcp-nats" ]
service = "nats-api"
rule = "HostSNI(`*`)"
################################################################
# Services FOR NATS API !!! #
################################################################
# The address is redacted in the post.
[[tcp.services.nats-api.loadBalancer.servers]]
address = "1xxxip:4222"
configuration file for Tactical RMM : app-rmm.toml
################################################################
# >>>>>>>>>>> router rules for RMM ! ᕙ(⇀‸↼)ᕗ #
################################################################
# Routes https://rmm.srv.xxx.com on web-secure to the `rmm` service, with a
# certificate for that name from the `certificato` resolver.
[http.routers]
[http.routers.rmm]
entryPoints = ["web-secure"]
rule = "Host(`rmm.srv.xxx.com`)"
service = "rmm"
[http.routers.rmm.tls]
certResolver = "certificato"
[[http.routers.rmm.tls.domains]]
main = "rmm.srv.xxx.com"
[http.services]
[http.services.rmm.loadBalancer]
passHostHeader = true
# Backend on port 4443 of the same host name that the router matches.
# NOTE(review): the backend is reached over HTTPS, so Traefik has to trust its
# certificate. Confirm that the backend certificate is valid for this name
# instead of disabling verification.
[[http.services.rmm.loadBalancer.servers]]
url = "https://rmm.srv.xxx.com:4443"
configuration file for the TacticalRMM API
################################################################
# Routers
################################################################
# This router is used by the rmm.a8n.tools frontend and the agents.
# NOTE(review): the Host() value in the rule below ends with a slash
# (`api.srv.xxx.com/`). A host name contains no path, so the rule presumably
# never matches as written; confirm.
[http.routers.tactical-api]
entryPoints = [ "web-secure" ]
service = "tactical-api"
rule = "Host(`api.srv.xxx.com/`)"
[http.routers.tactical-api.tls]
certResolver = "certificato"
################################################################
# Services
################################################################
# NOTE(review): the backend URL is the same host name, on the default HTTPS
# port, that the router targets. If that name resolves to this Traefik
# instance the request loops back to the proxy. Confirm the intended address.
[[http.services.tactical-api.loadBalancer.servers]]
url = "https://api.srv.xxx.com/"
I'd be really grateful for any help, advice, anything that could help me.
Thank you for giving me your time and attention.