HTTP to HTTPS Redirect Causing a 404

Traefik Traefik v2 (latest)
1

I have read through countless threads on here and other sites, but none of the solutions are helping me. I have a Docker Compose Traefik setup that I have been playing around with to test the product. It is a simple Traefik and Whoami container in a single Docker Compose file.

When I visit HTTPS, the Whoami loads no problem. When I visit HTTP I get a 404. The expected behavior is to have the HTTP redirect permanently to HTTP.

Here is my self contained docker-compose.yml file:

version: "3.7"
services:
  traefik:
    container_name: "traefik_container"
    image: traefik:2.1
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=web"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email={{ EMAIL REMOVED}}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    labels:
      - "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
      - "traefik.http.routers.http_catchall.entrypoints=web"
      - "traefik.http.routers.http_catchall.middlewares=https_redirect"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
    networks:
      - web
  whoami:
    container_name: "whoami_container"
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.{{ TLD REMOVED }}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    networks:
      - web

networks:
  web:
    external: true
2

I figured it out!

I am using --providers.docker.exposedbydefault=false to prevent the auto exposure of all containers. This issue was, that this blocked traffic from reaching the "http_catchall" router. I had to add traefik.enable=true to the labels block on the traefik container this enables access to the "http_catchall" router.

1 Like
3

Hi Chris,

You have a 404, because you don't declare the use of Entrypoint 80 in your labels.

Try this :

labels:
  - "traefik.enable=true"
  -  "traefik.http.routers.whoami.rule=Host(`whoami.docker.{{ TLD REMOVED }}`)"
  - "traefik.http.routers.whoami.entrypoints=web"
  - "traefik.http.routers.whoami.rule=Host(`whoami.docker.{{ TLD REMOVED }}`)"
  - "traefik.http.routers.whoami.entrypoints=websecure"
  - "traefik.http.routers.whoami.tls.certresolver=myresolver"

If you don't, Traefik can't know that your domain is available on the 80.

I have never tried a catchall directly in the Traefik's labels. I don't know if it works :slight_smile:

4

I found the solution shortly after you replied. Since I am doing the catch all, I don't have to expose the web entrypoint on the child service.

Thank you though!

5

Hi, I encountered the same issue, even if I set - "traefik.enable=true" label in my webapp container, the redirect still not work, and 404 error still exists.