Http to https doesn't seem to work

seisdr · April 7, 2024, 4:57pm

I looked for answers here: How to redirect http to https with Traefik 2.0 and Docker Compose labels? - Stack Overflow
But none helped

version: '2.1'
services:
  nginx-mailcow:
    networks:
      # Add Traefik's network
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)"
      - "traefik.http.routers.moo.tls=true"
      - "traefik.http.routers.moo.tls.certresolver=le"
      - "traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}"
      - "traefik.http.routers.moo.entrypoints=websecure"
      - "traefik.http.middlewares.moo-redirectscheme.redirectscheme.scheme=https"
#      - traefik.http.routers.moo.entrypoints=web"
#      - traefik.http.routers.http-moo.middlewares=redirect-to-https
      - "traefik.http.middlewares.moo-r.redirectscheme.scheme=https"
      - "traefik.http.middlewares.moo-r.redirectscheme.permanent=true"
      - "traefik.http.routers.moo.middlewares=moo-r"
      - "traefik.docker.network=terafik_default"

  certdumper:
    image: humenius/traefik-certs-dumper
    command: --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1
    # network_mode: none
    volumes:
      # Mount the volume which contains Traefik's `acme.json' file
      #   Configure the external name in the volume definition
      - /opt/traefik/letsencrypt/:/traefik:ro
      # Mount mailcow's SSL folder
      - ./data/assets/ssl/:/output:rw
      # Mount docker socket to restart containers
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always
    environment:
      # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
      - DOMAIN=${MAILCOW_HOSTNAME}

networks:
  web:
    external:
      # Name of the external network
      name: terafik_default

#volumes:
#  acme:
#    external:
      # Name of the external docker volume which contains Traefik's `acme.json' file
#      name: acme

# Traefik 2 (2.0.7) config file.

# Enables accesslog
[accessLog]

# Providers (platform which traefik will connect with).
[providers]
  [providers.docker]
    exposedByDefault = false # Disable automatic rules for running containers. Used to avoid un-used rules, you can enable it if youre curious tho.
    endpoint = "unix:///var/run/docker.sock" # links the docker socket to traefik. Used to allow traefik to manage docker.

 
# Entrypoints (exposed ports that traefik will listen to trough tcp)
[entryPoints]
  [entryPoints.web]
    address = ":80"


  [entryPoints.websecure]
    address = ":443"

# Api (api and traefik's dashboard (automatically exposed on port 8080))
[api]
  insecure = true
  dashboard = true

# Acme (ACME config with the basic le (Lets Encrypt) config, domains will be specified on each container via labels, or here.
[certificatesresolvers.le.acme]
  email = "mail"
  storage = "acme.json" # Path where our acme file will be generated, in this case "./acme.json".
  tlschallenge = "true"

    [certificatesresolvers.le.acme.httpChallenge]
    entryPoint = "web"
    
    # dnsChallege is not mandatory but it can be used for wildcard certificates.
    [certificatesResolvers.le.acme.dnsChallenge]
    provider = "digitalocean"
    delayBeforeCheck = 5
#[tls.stores]
#  [tls.stores.default.defaultGeneratedCert]
#    resolver = "le"
#    [tls.stores.default.defaultGeneratedCert.domain]
#      main = ""
#      sans = ["", ""]

Http don't get redirected to https but instead ' 404 page not found '

wollomatic · April 7, 2024, 5:06pm

Hi,

redirecting from http to https is a standard use case and will work.

You could redirect from port 80/http to port 443/https directly from the entrypoint.
Here's a working example of a traefik configuration file: simple-traefik/config/traefik.yaml at master · wollomatic/simple-traefik · GitHub

bluepuma77 · April 7, 2024, 7:58pm

Usually you would do the redirect globally on entrypoint, saves a lot of labels.

If you want to use labels, then you need to make sure your target service is listening on web, too, to be able to redirect to websecure.

seisdr · April 7, 2024, 8:59pm

I have a service running at http so i can't turn global redirecting

seisdr · April 7, 2024, 9:13pm

As labels go i tried adding a new entreypoint web and tried changing websecure to web both approach didn't do an effect http still shows 404

>
* Request completely sent off
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Sun, 07 Apr 2024 21:11:08 GMT
< Content-Length: 19
< Connection: close

bluepuma77 · April 8, 2024, 8:14am

This works:

#docker-compose.yml
version: '3.9'

services:
  traefik:
    image: traefik:latest
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
      #- /var/log:/var/log
    command:
      - --api.dashboard=true
      - --log.level=INFO
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
      #- --entrypoints.web.http.redirections.entrypoint.to=websecure
      #- --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.email=mail@example.com
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.entrypoints=websecure
      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

  whoami:
    image: traefik/whoami:v1.10
    networks:
      - proxy
    labels:
      - traefik.enable=true
      #- traefik.http.routers.mywhoami.entrypoints=web,websecure # default anyway
      - traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`) || PathPrefix(`/whoami`)
      - traefik.http.routers.mywhoami.middlewares=myredirect
      - traefik.http.middlewares.myredirect.redirectscheme.scheme=https
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy

volumes:
  letsencrypt:
    name: letsencrypt

Topic		Replies	Views
Redirect http to https does not work Traefik v3 (latest) docker	5	185	August 25, 2024
I can't set up redirect http to https Traefik v2 docker , middleware	2	137	July 1, 2024
Http to https redirect - Again Traefik v2 docker	10	1704	February 24, 2020
Redirect scheme (http to https) not working Traefik v2 middleware	6	4304	October 10, 2022
Cannot get http -> https redirect to work properly Traefik v2 docker , middleware	3	1864	December 12, 2019

Http to https doesn't seem to work

Related topics