I am using Traefik proxy 2.2.0 with Kubernetes CRD. I have defined a middleware as follows:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: forwarded-proto-https
spec:
headers:
sslProxyHeaders:
X-Forwarded-Proto: "https"
I have applied this middlware to an Ingress Route as follows:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingress-route-name
namespace: ingress-route-namespace
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`dev.domain.com`)
middlewares:
- name: forwarded-proto-https
namespace: default
services:
- name: svc-name
port: 80
tls:
options:
name: tls-default
namespace: default
However, this results in a 404 when applied. When I remove the middlewares section of the IngressRoute definition it works just fine. Any thoughts on what I am doing incorrectly here?
Thanks.
Hello @tristan43,
It appears that you have configured a TLS enabled ingressroute, which you mention works correctly without the headers middleware.
The sslProxyHeaders setting is used to determine whether a request is SSL or not...Since I doubt your SSL request sets an X-forwarded-proto header, the middleware would break the chain, since it would no longer be treated as an SSL request.
Is your intention to add the X-forwarded-proto header to the backend request? if so, Traefik does that automatically.
Thank you. Yes my intention was to add the X-Forwarded-Proto header to the backend. I did not realize it happened automatically. Can you point me to the docs for that? It'll help in the future. Thanks so much.
Hello @tristan43,
I could have sworn that the docs used to contain that information, but it may not have been migrated when we released the v2 docs.
I opened a new documentation issue to add this to the docs, as it should be there: (Documentation does not list proxy headers that are automatically added · Issue #8294 · traefik/traefik · GitHub).
1 Like