Hi all,
My HTTPS redirection doesnt works
Traefik.yaml
api:
dashboard: true
#Traefik.yml
log:
level: DEBUG
#Define HTTP and HTTPS entrypoints
entryPoints:
unsecure:
address: ":80"
secure:
address: ":443"
#Dynamic configuration will come from docker labels
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
network: "traefik-network"
exposedByDefault: false
file:
directory: "/tls/"
#Enable acme with http file challenge
certificatesResolvers:
le:
acme:
email: toto.toto@gmail.com
storage: /acme.json
tlsChallenge: {}
docker-compose.yml
version: '3'
services:
traefik:
image: traefik:latest
container_name: Traefik
ports:
- "80:80"
- "443:443"
networks:
- traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./Traefik.yaml:/etc/traefik/traefik.yaml:ro
- ./tls:/tls
- ./acme.json:/acme.json
labels:
- "traefik.enable=true"
# HTTP to HTTPS redirection
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=secured"
# Docker labels for enabling Traefik dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.toto.xyz`)"
- "traefik.http.routers.traefik.entrypoints=secure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=le"
- "traefik.http.routers.traefik.middlewares=authTraefik"
- "traefik.http.middlewares.authTraefik.basicauth.users=sdsdqdds"
environment:
- TZ=Europe/Paris
networks:
traefik:
external: true
And my nginx docker-compose
version: '3'
services:
perso:
image: registry.gitlab.com/nginnnnx/sitecv
container_name: ${NAME}
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.${SERVICE}.rule=Host(`toto.xyz`) || Host(`www.toto.xyz`)"
- "traefik.http.routers.${SERVICE}.entrypoints=secure"
- "traefik.http.routers.${SERVICE}.tls.certresolver=le"
- "traefik.http.services.${SERVICE}.loadbalancer.server.port=${PORT}"
networks:
- traefik
networks:
traefik:
external: true
Can you help me ?
https is ok but http does not redirect to Https
This is the reference implementation I use for redirecting HTTP to HTTPS.
It is largely borrowed from the v1 to v2 migrations docs . It is easy to miss:
Below is taken from my own Production Reference Implementation (on Github)
# Redirect all HTTP to HTTPS permanently
- traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)
- traefik.http.routers.http_catchall.entrypoints=web
- traefik.http.routers.http_catchall.middlewares=https_redirect
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
1 Like
Thanks !
I set :
- "traefik.http.routers.http_catchall.rule= HostRegexp(`{any:.+}`)"
- "traefik.http.routers.http_catchall.entrypoints=unsecure"
- "traefik.http.routers.http_catchall.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=secure"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
But still got
comassky:
"traefik.http.routers.${SERVICE}.entrypoints=secure"
I don't have that in my configs on the destination containers.
This is what I have in my reference for django apps (for example):
labels:
- traefik.enable=true
- traefik.http.routers.example.rule=Host(`example.com`,`www.example.com`)
- traefik.http.routers.example.tls=true
- traefik.http.routers.example.tls.certresolver=le
- traefik.http.services.example.loadbalancer.server.port=8000
Thanks !
But still not works
labels:
- "traefik.enable=true"
- "traefik.http.routers.${SERVICE}.rule=Host(`toto.xyz`) || Host(`www.toto.xyz`)"
- "traefik.http.routers.${SERVICE}.tls=true"
- "traefik.http.routers.${SERVICE}.tls.certresolver=le"
- "traefik.http.services.${SERVICE}.loadbalancer.server.port=80"
Let's go back to the firefox error message.
Can you share the actual domains/addresses?
Or, if not, would you mind doing this on the command line?
curl -I http://example.com and show the output?
Here is an example:
deploy@prod:~/deployment/containers/traefik$ curl -I http://simplecto.com
HTTP/1.1 308 Permanent Redirect
Location: https://simplecto.com/
Date: Mon, 24 Feb 2020 10:20:51 GMT
Content-Length: 18
Content-Type: text/plain; charset=utf-8
11:19:40 › curl -I http://hjacquot.xyz
HTTP/1.1 308 Permanent Redirect
Location: secure://hjacquot.xyz/
Date: Mon, 24 Feb 2020 10:27:50 GMT
Content-Length: 18
Content-Type: text/plain; charset=utf-8
But why "secure://" ...
ah!
I see it! Do you?
Location: secure://hjacquot.xyz/
That should say
Location: https://hjacquot.xyz/
Therefore, try:
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
in your config?
so for some reason the system thinks I might be spam.
This line:
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=secure"
should be
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
1 Like
It works ! Thanks again
But i don't really understand why .... secure should be redirect to traefik.yaml declaration isn't it ?
entryPoints:
unsecure:
address: ":80"
secure:
address: ":443"
https://docs.traefik.io/middlewares/redirectscheme/#redirectscheme
That part of the docs references port numbers, not URL schemes. Given that Traefik can route TCP, that means there could be multiple schemes? (I'm kinda guessing here) I don't have experience with that however.
Glad it worked out in the end.
1 Like
