Http to Https Redirect with Cloudflare Tunnel

Hey Traefik Community,

I'm facing an issue with my Traefik setup where it's not redirecting HTTP traffic to HTTPS when using a Cloudflare Tunnel. The Cloudflare Tunnel and Traefik are both running on the same network.

Here's my docker-compose configuration:

version: "3.9"
services:
  tunnel:
    container_name: cf-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=$CF_TUNNEL_TOKEN
    networks:
      - cftunnel-transport


  traefik:
    image: traefik:2.9
    container_name: cf-traefik
    restart: always
    networks:
      - cftunnel-transport
      - cloudflaretunnel
    environment:
      - CF_DNS_API_TOKEN=$CF_DNS_API_TOKEN
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/:/etc/traefik/
      - ./config/conf/:/etc/traefik/conf/
      - ./config/certs/:/etc/traefik/certs/

networks:
  cftunnel-transport:
  cloudflaretunnel:
    external: true

Traefik config:

global:
  checkNewVersion: false
  sendAnonymousUsage: false

log:
  level: DEBUG

api:
  dashboard: true
  insecure: true
  debug: false

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: :443

certificatesResolvers:
  cloudflare:
    acme:
      email: "my_cloudflare_mail@mail.com"
      storage: /etc/traefik/certs/cloudflare-acme.json
      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
      keyType: EC256
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    exposedByDefault: false
    endpoint: 'unix:///var/run/docker.sock'
    watch: true
    swarmMode: false
  file:
    directory: /etc/traefik/conf/
    watch: true

Labels for the whoami container:

Cloudflare Configuration:

I can connect via HTTPS to https://test.domain.com, but http://test.domain.com doesn't redirect to HTTPS. I'm unsure about what's causing this issue. The redirection works fine with my local DNS entry. I suspect it might be related to Cloudflare, as even after removing the web:80 entrypoint from Traefik, the issue remains the same.

I'd appreciate any help or insights to resolve this issue.

Maybe you need to add an HTTP service at CF?

I think you'll need to add a redirect middleware to your traefik config or add the middleware label for the redirect:

http:
  middlewares:
    # Redirect plain-HTTP requests to HTTPS with a permanent redirect
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

This seems to happen because Traefik is only seeing the TLS connection from cloudflared, completely missing the fact that the user is actually connected to Cloudflare's servers via HTTP.

Only way I've found to fix this is to enable HTTPS redirection in the Cloudflare dashboard (SSL/TLS > Edge Certificates).
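The behaviour described in the reply above, modelled in Python as an added example (not code from the thread and not Traefik's own logic): a redirect decision keyed on the last hop never fires when cloudflared connects over TLS, while one keyed on the visitor's scheme does. It assumes Cloudflare's `CF-Visitor` and `X-Forwarded-Proto` request headers reach the proxy through the tunnel; the subnet and function names are hypothetical.

```python
import ipaddress
import json

# Assumption: only peers on the tunnel's Docker network may assert the visitor
# scheme. The subnet is a constructed value, not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]


def visitor_scheme(headers, peer_ip, hop_scheme):
    """Return the scheme the visitor used at the Cloudflare edge.

    hop_scheme is what the proxy saw on the last hop (cloudflared -> proxy).
    It is returned whenever the peer is untrusted or sent no usable header.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return hop_scheme  # forwarded headers from unknown peers are ignored
    h = {k.lower(): v for k, v in headers.items()}
    try:
        scheme = json.loads(h.get("cf-visitor", "")).get("scheme")
    except (ValueError, AttributeError):
        scheme = None  # header missing, not JSON, or not a JSON object
    scheme = scheme or h.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    return scheme if scheme in ("http", "https") else hop_scheme


def redirect_for(headers, peer_ip, hop_scheme, host, path):
    """Return (status, location) for a redirect, or None to serve the request."""
    if visitor_scheme(headers, peer_ip, hop_scheme) == "http":
        return 301, f"https://{host}{path}"
    return None


if __name__ == "__main__":
    # Constructed requests: each reaches the proxy over TLS from cloudflared.
    samples = [
        ({"CF-Visitor": '{"scheme":"http"}'}, "172.18.0.5"),   # HTTP visitor
        ({"CF-Visitor": '{"scheme":"https"}'}, "172.18.0.5"),  # HTTPS visitor
        ({"CF-Visitor": '{"scheme":"http"}'}, "203.0.113.9"),  # untrusted peer
    ]
    for hdrs, peer in samples:
        print(peer, hdrs, "->", redirect_for(hdrs, peer, "https", "test.domain.com", "/"))
```
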

@nxt97 @flexyneat
Have you been able to get it working?

I'm facing a similar situation. In my setup, Traefik handles multiple endpoints and manages an open port.
I was considering using a Cloudflare tunnel to route traffic through the tunnel to Traefik while keeping everything else unchanged.

It would be fantastic if you could share how you made it work.