Hi,
I want to run Traefik behind a load balancer that performs SSL termination. To indicate whether it was an HTTP or an HTTPS request, the load balancer sets the X-Forwarded-Proto header accordingly. Can I configure Traefik to send HTTP -> HTTPS redirections? It looks like RedirectScheme only looks at the actual protocol... (which in this case is always HTTP)
Thanks!
I personally configured that on the load balancer itself. Since it does SSL termination, I feel that this functionality belongs there.
I cannot think of a way to do this on the traefik side if it does not take into account " X-Forwarded-Proto".
AFAIK, the Google Cloud Platform Load Balancer does not support handling the redirect
Hello,
You can already do that, but due to a bug the redirection is skipped when X-Forwarded-Proto: https so I used X-Test: https instead:
curl -k -L -H "X-Test: https" http://whoami.com.localhost
version: "3.7"
services:
traefik:
image: "traefik:v2.0.4"
command:
- --entrypoints.web.address=:80
# - --entrypoints.web.forwardedheaders.insecure
- --entrypoints.websecure.address=:443
- --api.insecure
- --providers.docker
- --providers.docker.exposedbydefault=false
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.xprotoredirect.rule: Host(`whoami.com.localhost`) && Headers(`X-Test`, `https`)
# traefik.http.routers.xprotoredirect.rule: Host(`whoami.com.localhost`) && Headers(`X-Forwarded-Proto`, `https`)
traefik.http.routers.xprotoredirect.entrypoints: web
traefik.http.routers.xprotoredirect.middlewares: redirect@docker
traefik.http.routers.whoami.rule: Host(`whoami.com.localhost`)
traefik.http.routers.whoami.entrypoints: websecure
traefik.http.routers.whoami.tls: true
traefik.http.middlewares.redirect.redirectscheme.scheme: https