So I have portainer declared in the same docker-compose as traefik as such:
  portainer:
    image: portainer/portainer
    #restart: always
    networks:
      - traefik
    labels:
      - traefik.enable=true
      - traefik.http.routers.portainer.entrypoints=http
      - traefik.http.routers.portainer.rule=Host(`portainer.thinkpad.tld`)
      - traefik.http.routers.portainer.middlewares=https-redirect@file
      - traefik.http.routers.portainer-ssl.entrypoints=https
      - traefik.http.routers.portainer-ssl.tls=true
      - traefik.http.routers.portainer-ssl.rule=Host(`portainer.thinkpad.tld`)
      - traefik.http.routers.portainer-ssl.service=portainer
      - traefik.http.services.portainer.loadbalancer.server.port=9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - portainer-data:/data
    container_name: portainer
This works fine and the redirect from http to https is set in the dynamic config:
http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
The problem though happens in a different setup with Gitlab running behind Traefik:
  gitlab:
    image: 'gitlab/gitlab-ce:12.5.3-ce.0'
    networks:
      - traefik
    labels:
      - traefik.enable=true
      # Gitlab
      - traefik.http.routers.gitlab.entrypoints=http
      - traefik.http.routers.gitlab.rule=Host(`gitlab.thinkpad.tld`)
      - traefik.http.routers.gitlab.middlewares=https-redirect@file
      - traefik.http.routers.gitlab-ssl.entrypoints=https
      - traefik.http.routers.gitlab-ssl.tls=true
      - traefik.http.routers.gitlab-ssl.rule=Host(`gitlab.thinkpad.tld`)
      - traefik.http.routers.gitlab-ssl.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # Gitlab registry
      - traefik.http.routers.gitlab-registry.entrypoints=http
      - traefik.http.routers.gitlab-registry.rule=Host(`gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.gitlab-registry.middlewares=https-redirect@file
      - traefik.http.routers.gitlab-registry-ssl.entrypoints=https
      - traefik.http.routers.gitlab-registry-ssl.tls=true
      - traefik.http.routers.gitlab-registry-ssl.rule=Host(`gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.gitlab-registry-ssl.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5005
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['gitlab_default_projects_features_container_registry'] = true
        registry_external_url 'http://localhost:5005'
    ports:
      - '22:22'
    volumes:
      - gitlab-config:/etc/gitlab
      - gitlab-logs:/var/log/gitlab
      - gitlab-data:/var/opt/gitlab
    container_name: gitlab
With this setup Gitlab and the registry get served on https, but http never gets a redirect.
Also, I'm intrigued as to why some routers do not appear in the dashboard (gitlab and gitlab-registry), contrary to the portainer service, which is showing all routers.
There are some error logs for those routers:
level=error msg="Could not define the service name for the router: too many services" routerName=gitlab-registry providerName=docker
level=error msg="Could not define the service name for the router: too many services" providerName=docker routerName=gitlab
Is there a need to associate a service with these routers? (Never did with portainer)
ldez
December 4, 2019, 2:15pm
Hello,
The problem is related to the routers used to redirect: you have to define the service explicitly because on this container you have 2 services.
    labels:
      - traefik.enable=true
      # Gitlab
      - traefik.http.routers.gitlab.entrypoints=http
      - traefik.http.routers.gitlab.rule=Host(`gitlab.thinkpad.tld`)
      - traefik.http.routers.gitlab.middlewares=https-redirect@file
      - traefik.http.routers.gitlab.service=gitlab # never called
      - traefik.http.routers.gitlab-ssl.entrypoints=https
      - traefik.http.routers.gitlab-ssl.tls=true
      - traefik.http.routers.gitlab-ssl.rule=Host(`gitlab.thinkpad.tld`)
      - traefik.http.routers.gitlab-ssl.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # Gitlab registry
      - traefik.http.routers.gitlab-registry.entrypoints=http
      - traefik.http.routers.gitlab-registry.rule=Host(`gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.gitlab-registry.middlewares=https-redirect@file
      - traefik.http.routers.gitlab-registry.service=gitlab-registry # never called
      - traefik.http.routers.gitlab-registry-ssl.entrypoints=https
      - traefik.http.routers.gitlab-registry-ssl.tls=true
      - traefik.http.routers.gitlab-registry-ssl.rule=Host(`gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.gitlab-registry-ssl.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5005
Note that you can reduce the number of labels:
    labels:
      - traefik.enable=true
      - traefik.http.routers.redirect.entrypoints=http
      - traefik.http.routers.redirect.rule=Host(`gitlab.thinkpad.tld`, `gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.redirect.middlewares=https-redirect@file
      - traefik.http.routers.redirect.service=gitlab # never called
      # Gitlab
      - traefik.http.routers.gitlab-ssl.entrypoints=https
      - traefik.http.routers.gitlab-ssl.tls=true
      - traefik.http.routers.gitlab-ssl.rule=Host(`gitlab.thinkpad.tld`)
      - traefik.http.routers.gitlab-ssl.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # Gitlab registry
      - traefik.http.routers.gitlab-registry-ssl.entrypoints=https
      - traefik.http.routers.gitlab-registry-ssl.tls=true
      - traefik.http.routers.gitlab-registry-ssl.rule=Host(`gitlab-registry.thinkpad.tld`)
      - traefik.http.routers.gitlab-registry-ssl.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5005
Note you can also create a global redirect:
version: '3.7'
services:
  traefik:
    image: traefik:v2.1.0-rc3
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --log.level=INFO
      - --api
      - --providers.docker.exposedbydefault=false
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    labels:
      traefik.enable: "true"
      # Dashboard
      traefik.http.routers.traefik_dash.rule: Host(`dashboard.localhost`)
      traefik.http.routers.traefik_dash.entrypoints: web
      traefik.http.routers.traefik_dash.service: api@internal
      # Global redirect HTTP to HTTPS
      traefik.http.routers.catchall.rule: HostRegexp(`{any:.+}`)
      traefik.http.routers.catchall.entrypoints: web
      traefik.http.routers.catchall.service: api@internal
      traefik.http.routers.catchall.middlewares: tlsredirect
      # Middlewares
      traefik.http.middlewares.tlsredirect.redirectscheme.scheme: https
  gitlab:
    image: 'gitlab/gitlab-ce:12.5.3-ce.0'
    labels:
      traefik.enable: "true"
      # Gitlab
      traefik.http.routers.gitlab-ssl.entrypoints: websecure
      traefik.http.routers.gitlab-ssl.tls: "true"
      traefik.http.routers.gitlab-ssl.rule: Host(`gitlab.thinkpad.tld`)
      traefik.http.routers.gitlab-ssl.service: gitlab
      traefik.http.services.gitlab.loadbalancer.server.port: 80
      # Gitlab registry
      traefik.http.routers.gitlab-registry-ssl.entrypoints: websecure
      traefik.http.routers.gitlab-registry-ssl.tls: "true"
      traefik.http.routers.gitlab-registry-ssl.rule: Host(`gitlab-registry.thinkpad.tld`)
      traefik.http.routers.gitlab-registry-ssl.service: gitlab-registry
      traefik.http.services.gitlab-registry.loadbalancer.server.port: 5005
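An added example, not part of either post and not Traefik's own code: a small label audit that reproduces the "too many services" condition discussed above and reports which HTTPS hosts are left without a working HTTP redirect. The names `parse_labels` and `audit` are hypothetical, the check models only the service-resolution rule from this thread, and the entrypoint and middleware names are the ones used in the question.

```python
import re
# Constructed input: the gitlab container's labels from the question; FIXED adds the answer's .service labels.
QUESTION = """\
traefik.http.routers.gitlab.entrypoints=http
traefik.http.routers.gitlab.rule=Host(`gitlab.thinkpad.tld`)
traefik.http.routers.gitlab.middlewares=https-redirect@file
traefik.http.routers.gitlab-ssl.entrypoints=https
traefik.http.routers.gitlab-ssl.tls=true
traefik.http.routers.gitlab-ssl.rule=Host(`gitlab.thinkpad.tld`)
traefik.http.routers.gitlab-ssl.service=gitlab
traefik.http.services.gitlab.loadbalancer.server.port=80
traefik.http.routers.gitlab-registry.entrypoints=http
traefik.http.routers.gitlab-registry.rule=Host(`gitlab-registry.thinkpad.tld`)
traefik.http.routers.gitlab-registry.middlewares=https-redirect@file
traefik.http.routers.gitlab-registry-ssl.entrypoints=https
traefik.http.routers.gitlab-registry-ssl.tls=true
traefik.http.routers.gitlab-registry-ssl.rule=Host(`gitlab-registry.thinkpad.tld`)
traefik.http.routers.gitlab-registry-ssl.service=gitlab-registry
traefik.http.services.gitlab-registry.loadbalancer.server.port=5005
""".splitlines()
FIXED = QUESTION + ["traefik.http.routers.gitlab.service=gitlab",
                    "traefik.http.routers.gitlab-registry.service=gitlab-registry"]

def parse_labels(labels):
    """Group router options by router name and collect declared service names."""
    routers, services = {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.strip().lower().split(".")
        if len(parts) >= 5 and parts[:3] == ["traefik", "http", "routers"]:
            routers.setdefault(parts[3], {})[".".join(parts[4:])] = value.strip()
        elif len(parts) >= 5 and parts[:3] == ["traefik", "http", "services"]:
            services.add(parts[3])
    return routers, services

def audit(labels, http_entrypoint="http", redirect="https-redirect@file"):
    """Return (routers that cannot be wired, HTTPS hosts left without an HTTP redirect)."""
    routers, services = parse_labels(labels)
    # A router without .service is only auto-wired when at most one service is declared.
    dropped = sorted(n for n, o in routers.items() if "service" not in o and len(services) > 1)
    hosts = lambda o: set(re.findall(r"`([^`]+)`", o.get("rule", "")))
    tls_hosts, redirected = set(), set()
    for name, opts in routers.items():
        if opts.get("tls") == "true":
            tls_hosts |= hosts(opts)
        elif (name not in dropped and opts.get("entrypoints") == http_entrypoint
              and redirect in opts.get("middlewares", "").split(",")):
            redirected |= hosts(opts)
    return dropped, sorted(tls_hosts - redirected)
print(audit(QUESTION), audit(FIXED), sep="\n")
```

Run against the output of `docker inspect` labels in CI, a check like this catches a silently missing HTTP-to-HTTPS redirect before deployment rather than from the error log.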
ldez:
traefik.http.routers.gitlab-registry.service=gitlab-registry
Much appreciated,
Definitely need to use those global redirects