Http redirect to https in v2.2

Traefik Traefik v2
,
1

I deployed a basic setup for traefik to test the migration from 1.7.x to 2.2.0. However the 2.2.0 new feature of redirecting http to https does not seem to work as I expected.

I expect when I go to http://dashboard.internal.domain.com I end up on https://dashboard.internal.domain.com

Currently I'm not being redirected to https.

Although when I uncomment - traefik.http.routers.dashboard.middlewares=redirect-web-to-websecure@internal it works

But what I can read from the documentation it's not needed to add the middleware manually

traefik stack:

version: "3.6"
services:
  node:
    image: traefik:latest
    networks:
      - public
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    deploy:
      mode: global
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - node_data:/etc/traefik/
    configs:
      - source: traefik_config_20200426_04
        target: /etc/traefik/traefik.yml
      - source: traefik_htpasswd_20200422_00
        target: /etc/traefik/.htpasswd
    environment:
      - DO_AUTH_TOKEN=${DIGITALOCEAN_AUTH_TOKEN}
    command: traefik --configFile=/etc/traefik/traefik.yml
networks:
  public:
    external: true
volumes:
  node_data:
configs:
  traefik_config_20200426_04:
    external: true
  traefik_htpasswd_20200422_00:
    external: true

traefik config:

global:
  checkNewVersion: true

providers:
  docker:
    network: public
    endpoint: unix:///var/run/docker.sock
    swarmMode: true
    exposedByDefault: false
  file:
    directory: /etc/traefik/dynamic

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
    http:
      tls:
        certResolver: default
        domains:
          - main: "internal.domain.com"
            sans:
              - "*.internal.domain.com"

api:
  insecure: true
  dashboard: true
  debug: true

log:
  level: INFO

certificatesResolvers:
  default:
    acme:
      email: certificates@domain.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: digitalocean

dashboard stack:

version: '3.3'
services:
  node:
    image: charypar/swarm-dashboard:latest
    environment:
      PORT: '8080'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - public
    deploy:
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.http.routers.dashboard.rule=Host(`dashboard.internal.domain.com`)
#        - traefik.http.routers.dashboard.middlewares=redirect-web-to-websecure@internal
        - traefik.http.services.dashboard.loadbalancer.server.port=8080
      placement:
        constraints:
          - node.role == manager
networks:
  public:
    external: true
2

I found a solution for my issue. I still think it's not the preferred way. But hey it works right?! :man_shrugging:

Since the web-to-websecure middleware wasn't attached to any route I added the middleware manually to the web entrypoint http option. This way I no longer need to add it to a label in every stack file.

global:
  checkNewVersion: true

providers:
  docker:
    network: public
    endpoint: unix:///var/run/docker.sock
    swarmMode: true
    exposedByDefault: false
  file:
    directory: /etc/traefik/dynamic

entryPoints:
  web:
    address: :80
    http:
      middlewares:
        - redirect-web-to-websecure@internal
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
    http:
      tls:
        certResolver: default
        domains:
          - main: "internal.domain.com"
            sans:
              - "*.internal.domain.com"

api:
  insecure: true
  dashboard: true
  debug: true

log:
  level: INFO

certificatesResolvers:
  default:
    acme:
      email: certificates@domain.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: digitalocean
3

There has been a bug in 2.2 which is fixed in 2.2.1 about entrypoint redirection priorities: