I have the following static configuration:
entryPoints:
  http:
    address: ':50080'
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ':50443'
    http:
      middlewares:
        - http2https@file
      tls: {}
  traefik:
    address: ':58080'
providers:
  file:
    filename: "/dynamic/traefik-dynamic.yaml"
And the following dynamic configuration:
http:
  routers:
    httpdefault:
      priority: 1
      rule: PathPrefix(`/`)
      entrypoints:
        - https
      middlewares:
        - auth
      service: unavailable
  middlewares:
    auth:
      basicauth:
        users: test:$apr1$pPLSeI5N$/iouRJtsqlefOb6m3NTkX
    http2https:
      redirectscheme:
        scheme: https
        port: 50443
  services:
    unavailable:
      loadBalancer:
        servers: {}
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/letsencrypt/live/.../cert.pem
        keyFile: /etc/letsencrypt/live/..../privkey.pem
  certificates:
    - certFile: /etc/letsencrypt/live/..../cert.pem
      keyFile: /etc/letsencrypt/live/.../privkey.pem
Yet STILL, when sending an HTTP request to the https port, traefik answers with 404 (why?):
$ curl -vsSu test:test -k http://invalid....:50443
* Trying ...:50443...
* Connected to invalid (...3) port 50443
* Server auth using Basic with user 'test'
> GET / HTTP/1.1
> Host: invalid....:50443
> Authorization: Basic dGVzdDp0ZXN0
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Fri, 20 Oct 2023 10:45:35 GMT
< Content-Length: 19
<
404 page not found
* Connection #0 to host invalid.... left intact
In comparison, http://www.google.com:443 just closes the connection:
$ curl -vs http://www.google.com:443
* Trying 142.250.203.132:443...
* Connected to www.google.com (142.250.203.132) port 443
> GET / HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/8.4.0
> Accept: */*
>
* Empty reply from server
* Closing connection
What can I do to make traefik STOP answering anything to HTTP (or any other non-TLS requests) on the HTTPS port? Is there a "close connection" middleware? How can I strictly enforce that TLS is always used explicitly?
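The two curl sessions above differ in one observable way: the first listener answers the cleartext request with an HTTP response, the second closes without sending anything. The following probe is an added example, not part of the original post, that classifies that reaction so a TLS port can be checked after a configuration change; `probe_plaintext`, `one_shot_listener` and `SAMPLE_404` are hypothetical names, and the local listeners are constructed stand-ins for a real server.

```python
import socket
import threading

def probe_plaintext(host, port, timeout=3.0):
    """Send a cleartext HTTP/1.1 request; return (verdict, first line of reply)."""
    request = (f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\n"
               "Connection: close\r\n\r\n").encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = sock.recv(4096)
    except (ConnectionResetError, BrokenPipeError):
        return "closed", ""            # reset instead of a reply
    except socket.timeout:
        return "silent", ""            # nothing received before the timeout
    if not data:
        return "closed", ""            # what curl reports as "Empty reply from server"
    if data.startswith(b"HTTP/"):
        # A cleartext HTTP answer on a TLS port, like the 404 in the post.
        return "http-reply", data.split(b"\r\n", 1)[0].decode("latin-1")
    if data[0] == 0x15:
        return "tls-alert", ""         # TLS record content type 21 (alert)
    return "other", ""

def one_shot_listener(reply):
    """Constructed stand-in for a server: read one request, send `reply`, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))         # port 0: let the OS pick a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            if reply:
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

# Constructed reply modelled on the 404 shown in the post.
SAMPLE_404 = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\n"
              b"Content-Length: 19\r\n\r\n404 page not found\n")

if __name__ == "__main__":
    for label, reply in (("answers in cleartext", SAMPLE_404), ("closes", b"")):
        print(label, "->", probe_plaintext("127.0.0.1", one_shot_listener(reply)))
```

A verdict of `closed` or `tls-alert` means the listener gave no cleartext HTTP answer; `http-reply` reproduces the behaviour described in the post.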