How to force redirect to https

I am using following labels for trafeik docker-compose. How do I force trafeik to redirect to https for dashboard and any services. It is not changing with scheme.

- "traefik.http.middlewares.https-redirectscheme.redirectscheme.scheme=https"
      - "traefik.http.routers.traefiktls.entrypoints=websecure"
      - "traefik.http.routers.traefik.rule=Host(`xyx.domain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=tom:dasdasd"

Hello,

I recommend to read https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d

Take a look at:

• A global http -> https redirection?
• Global http to https redirect in v2

Thanks for your help. It didn't help, do I have to provide the middleware for traefik and as well as the service. My goal is whenever user have address without https redirect for dashboard and service it regardless of it having www or not.

Here are the labels for trafeik:

 labels:
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.traefik.middlewares=redirect-to-https"
      - "traefik.http.routers.traefik.rule=Host(`xyz.domain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=u:test"

Here are labels for service:

   - "traefik.http.routers.chat-app.rule=Host(`abc.domain.com`)"
   - traefik.http.services.chat-app.loadbalancer.server.port=3001
   - "traefik.http.routers.chat-app.entrypoints=web"
   - "traefik.http.routers.chat-app.entrypoints=websecure"
   - "traefik.http.routers.chat-app.tls.certresolver=myhttpchallenge"

still looking for solution

The catchall and the api/dashboard have to use 2 routers:

 labels:
      - "traefik.http.routers.catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.catchall.entrypoints=web"
      - "traefik.http.routers.catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      
      - "traefik.http.routers.traefik.rule=Host(`xyz.domain.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.middlewares.auth.basicauth.users=u:test"

• https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d
• https://github.com/containous/blog-posts/tree/master/2019_09_10-101_docker

Also you cannot use one label (traefik.http.routers.chat-app.entrypoints) several times for the same router, and you have to set only the tls entrypoint:

   - "traefik.http.routers.chat-app.rule=Host(`abc.domain.com`)"
   - "traefik.http.routers.chat-app.entrypoints=websecure"
   - "traefik.http.routers.chat-app.tls.certresolver=myhttpchallenge"
   - traefik.http.services.chat-app.loadbalancer.server.port=3001

How can I use the force direct in this case..? I am using K8s , AWS ACM

Here is my traefik-service.yaml file

kind: Service
apiVersion: v1
metadata:
  name: {{ template "traefik.fullname" . }}
  labels:
{{ include "traefik.labels" . | indent 4 }}
  namespace: kube-system
  annotations:
    {{ if .Values.service.host }}
    {{ if not .Values.isLocalEnvironment }}
    external-dns.alpha.kubernetes.io/hostname: {{ .Values.service.host }}
    {{ end }}
    {{ end }}

    {{ if .Values.loadbalancer.protocol }}
    {{ if not .Values.isLocalEnvironment }}
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: {{ .Values.loadbalancer.protocol }}
    {{ end }}
    {{ end }}

    {{ if .Values.loadbalancer.certificate }}
    {{ if not .Values.isLocalEnvironment }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.loadbalancer.certificate }}
    {{ end }}
    {{ end }}

    {{ if .Values.loadbalancer.port }}
    {{ if not .Values.isLocalEnvironment }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: {{ .Values.loadbalancer.port }}
    {{ end }}
    {{ end }}
spec:
  selector:
    app: {{ template "traefik.name" . }}
    release: {{ .Release.Name }}
  ports:
    - protocol: TCP
      name: web
      port: 80
      targetPort: 8000
    - protocol: TCP
      name: admin
      port: 8080
      targetPort: 8080
    - protocol: TCP
      name: websecure
      port: 443
      targetPort: 4443
  type: LoadBalancer```





Here is my values file

service:
  host:
loadbalancer:
  protocol:
  certificate:
  port:
isLocalEnvironment: false
useSSL: false
dashboard:
    domain: traefik.local
ssl:
  defaultCert: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBejUybUFKemF0dHRqN1dnRjZKK1o4U0R5Qy9iSnpYaXZQNjRwbE5HSDBUZjMvY2hQCk5ydnN1aGRuNEVYRkpNU2w4M29MOFpocnl3N25UbXR1RlhTSjVQL2RldVV2d2Q5KzJTdkZuUzY2OFFmZTVjTTcKOFVLbWZiY1FWUVluZTZCcjhZS1hacTNmZWZ2Y3dZZ2x6eDVncXNIeFNPNzk3T01hQVBLb0ViYmZZZGhrYVl1NQo1bTlxWlB6dzdjS1IzUjg5bVF0TElmSzJwV0cvZjZySkJENDZ6bUJJQm8yT29pNGVVQXloOXRwMFdnWjlRRUt5CnhQZU9lL2c2Rk5CNlA1NStmUVZiVVVySk1FZHBGY0pYVjIwSzZJNkVtWStrUnpoc2VzKzh4VUpWQkFPSVhPOFEKcDdEUHZSaThvcGNaVi9tV0wxVkovMFJ5aDlDazlqTDVZMVBhdlFJREFRQUJBb0lCQVFDbXN2RVArdUdPQXRmWQpUamE0VWpYYnExVk5qK2oyeHRrSHE0S05rRE9hSkhORlhPbGxqRHlHS3Jib0YzMDBpWVNwMnl2dDN6Rmx5R0NtCjBaR0JQcUpkc2FlV3ZxQzY3UVcvditxYXkyT2tsbW85VjZZd2tCQjRUbDJadHloS2xrTTFsbUtVT2pWK2oyRHcKTDY0VUFGTWpxRGRoRlN2allYR0dvMCtaY1prb3lKRnZ2MGo3QU9yWXBUd2RiWmMySG0wTEpFNmxOTE9MVUVQKwprc0l1aDNHSWdENXdiaXBidldMUTlicDd0RURNZ01ic2ZaOFJHOUs0cnNHSUszcGpuKzdMek8yeWQ0cXhoV0wwCk5lb1M4VGs1eGRiN3VpS2RjTHF3NTUvWGxVSVZDcUVCVThnWHoranorT0ltMXgwQ3MxU1pNMUZJQ25xbUNCVzkKNjd2b3kwRUJBb0dCQU8xSEU1bzlhTmlGOEkwaHN1elh0MGVoMEFPSVMzWTN3S0lqc1pMMTJ6V0Q5ZDhYZjR1ZgpDN3BYeTNVOTYvSGtQTlRmeGxZZUhVVzByTy92N09nZWNITmNJZ2tBaTd1TCsxV20wRzEwb0kyaVlySmlPc25lCkdvOTN3M3RZTGZwTXBIbU9JalN6Qi9RMnNnTnpuSzJLeENoTDgwWGJMWjE4YVRlWEpzVDM1Q2I5QW9HQkFOLy8KYWQ3Z2Rtdld5WXFWRlZ1Y0tlNTV6UTRQUXpIa1FNYmlsRElwcmwrKzJHd0QwZ1NVU0Q0QWRFeHduL0tQWTZsUQpoV20xNzBTTVlic1F3Zk43Y0MrSGowK0pIRnVnaUFLWHdNZmo0ZG5FWDQwNUh3Wi94V3dZK1FrSHZ4UHFNVG1EClJ3Q05VcFZJOTVVVTlFTkVlMUZzN2trbUlQZXJ4UUxVQjFOMTVTN0JBb0dBYTBzL3B2aHI1N1V4WUhCRG0ydTAKT2hVR25nSk10VWxpdHk3U3huU2NTbWZBajcvdGNmSmFlRW5vKzd3amJEOWI3cHE5OGdVdUVXNHc0VktwMnhDZwpvdG1mbmxoNzF6UG1WQVhackJVWDROUDBNMXZOMzZpcWRBT2hCcTZLSSt2eVYvRVlzS0hnVCtOSHZkM1NsSHJ5ClZwSjVrRFliTzJLZHBZQ1pER3BYNWZVQ2dZQVROeC9uNUsyRDlycjNUbTYwbXlMbHVFRWs4WjQ4QzI2YklSakIKYk4zdWpMcVlHWVBNck1POXZlQThKblV5STZiVEFYdFFaREVRV2xLUDc1SVR4d1VLcnNCV2ZGYVliWjc5U2ZOWgpzbXpQZDQ4UzJGR1hCeUx5Y1BuOEVsUUw2MDBwdDk5Qlp0NHN2RU93NEVsTDgvWDRPRFlBeEdxVGxJS2tDWGhQCmFvK3NnUUtCZ1FEc3dDT2xTN3pSWGdYUkdHRGNpWGRMbEFQQ2dIQklaNUFWVXh6ekhDMGI3WUIxQ0FHbnAxNXkKbk9CcmhMdzhGUnloSHROVEJrSGM5SjQ0REVKL3Y1N1VrbWRocU9PZ0NqbUM2dXZTTXRSdnVEWEhLV0t4Q2JsTwpORmtkVTl0K0x4MFlQeDF3YUtnWW1EZFVsL2ErN2tjNHhUZjFIV1F0LzZPQVJGTHliKzZnUFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  defaultKey: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGVENDQWYyZ0F3SUJBZ0lKQU5Dc2gvdCtwT1ZKTUEwR0NTcUdTSWIzRFFFQkN3VUFNQmd4RmpBVUJnTlYKQkFNTURYUnlZV1ZtYVdzdWJHOWpZV3d3SGhjTk1Ua3dOREl4TWpFd01UQTRXaGNOTXpnd05qSXdNakV3TVRBNApXakFZTVJZd0ZBWURWUVFEREExMGNtRmxabWxyTG14dlkyRnNNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF6NTJtQUp6YXR0dGo3V2dGNkorWjhTRHlDL2JKelhpdlA2NHBsTkdIMFRmMy9jaFAKTnJ2c3VoZG40RVhGSk1TbDgzb0w4WmhyeXc3blRtdHVGWFNKNVAvZGV1VXZ3ZDkrMlN2Rm5TNjY4UWZlNWNNNwo4VUttZmJjUVZRWW5lNkJyOFlLWFpxM2ZlZnZjd1lnbHp4NWdxc0h4U083OTdPTWFBUEtvRWJiZllkaGthWXU1CjVtOXFaUHp3N2NLUjNSODltUXRMSWZLMnBXRy9mNnJKQkQ0NnptQklCbzJPb2k0ZVVBeWg5dHAwV2daOVFFS3kKeFBlT2UvZzZGTkI2UDU1K2ZRVmJVVXJKTUVkcEZjSlhWMjBLNkk2RW1ZK2tSemhzZXMrOHhVSlZCQU9JWE84UQpwN0RQdlJpOG9wY1pWL21XTDFWSi8wUnloOUNrOWpMNVkxUGF2UUlEQVFBQm8ySXdZREFKQmdOVkhSTUVBakFBCk1Bc0dBMVVkRHdRRUF3SUY0REFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0p3WUQKVlIwUkJDQXdIb0lOZEhKaFpXWnBheTVzYjJOaGJJSU5kSEpoWldacGF5NXNiMk5oYkRBTkJna3Foa2lHOXcwQgpBUXNGQUFPQ0FRRUFHNjA4ei9SaE1DeWxJVHdjTVpaUkxHSDRxRndOSHF0UzRyMkMrVzVSaDVTd3c1R0Q2aWZ6ClZJUC96Q0hodmNLWTRveERmQTZnNzBzSVJQT2FKcURaR2FhbGhoWjMxeC9mQmkvd1FMUUROdVQ4elNtckk4SUgKSWtTWUpYcHhHTE9DaEt1NG9nSHNseVdVb2hXZVhuSytMVWNkVm45Z2VxbXU4SzhZLzVhZFJvZERmNVlMZUdRegp6Nmxmc1BEU3pZcHZqQmVlQ1ltUU01dVpLS2diYlNkZHZlcDUrZUpWY2NTZCt4c1liZFJXZDU5Tmc4V3dxcVF0CjgxdzVneVJDSzFERXg3ODhFTzM1aGJRSkFvN2JiKzlmSWNJODFsNUlRMjdobzNPVU1aWlRZQ2w1U1Z1ZkdBckEKdHV0K2lOTm9Ca05HZjRrTndob1lOS0p6M2ZUU2xBVGMwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  enabled: true```

Above is my values file

thank you so much. Have a follow up how do I know when to use new label. I have 2 separate services running one with same router works.
Service 1:

 - "traefik.http.routers.chat-app.rule=Host(`abc.domain.com`)"
   - "traefik.http.routers.chat-app.entrypoints=websecure"
   - "traefik.http.routers.chat-app.tls.certresolver=myhttpchallenge"
   - traefik.http.services.chat-app.loadbalancer.server.port=3001

Service 2

 - "traefik.http.routers.chat-app-group.rule=Host(`xyz.domain.com`)"
   - "traefik.http.routers.chat-app-group.entrypoints=websecure"
   - "traefik.http.routers.chat-app-group.tls.certresolver=myhttpchallenge"
   - traefik.http.services.chat-app-group.loadbalancer.server.port=3002

I couldn't wrap my head around why it is working for case 1 and failing for case 2. Is there a rule of thumb when to use same name within label or just use different for each line.

Thanks!