Https on additional custom port (8080)

Traefik Traefik v2 (latest)
1

I use the fictional domain name backend.mydomain.com instead of the domain that is acually used for the sake of this question.
I am moving a microservice into a docker environment where traefik proxy is used. I need the service to be reachable via https:://backend.mydomain.com:8080/ .
Other Services run as docker containers that use the default 443 port with their domains, but this specific Service must additionally be reachable on port 8080 via https.

For this purpose, in traefik.yml we have defined

entryPoints:
    http:
        address: ":80"
        http:
            redirections:
                entryPoint:
                    to: https
                    scheme: https
    https:
        address: ":443"
        http:
            tls:
                certResolver: http-resolver
    myservice:
         address: ":8080"
         http:
            redirections:
                 entryPoint:
                     to: https
                     scheme: https

And on the docker-compose definition for the corresponding Microservice:

  myservice:
    #...
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myservice.entrypoints=https,myservice"
      - "traefik.http.routers.myservice.rule=Host(`backend.mydomain.com`)"
      - "traefik.http.services.myservice.loadbalancer.server.port=8080"

Within its container the service runs on port 8080 as well, hence the last line in the docker-compose file. However this approach does not solve my problem:

  • It does forward from http to https with a 301 (staying on 8080 would probably be better, but the 301 is probably ok too)
  • https://backend.mydomain.com:8080/ however gives me a 404 <- this is the problem

How do I get it to work? The traefik documentation on entrypoints doesn't really have a lot of info - Is my approach even the right one?
See also my related Stackoverflow post.

2

Hi @IARI

You want to keep it on port 8080 but just use https ?

remove the to: https on the myservice entrypoint as this is directing to port 443

3

The redirect would probably be ok, just keeping it on 8080 would be preferrable - But that is not the problem - the main problem is that it does not work, only on http, but on https i get the 404.

4

I repeat: remove the to: https on the myservice entrypoint as this is directing to port 443

5

Tried that - didn't change the main problem - still getting a 404.
http still works, but without the redirect (thx).

I'm sorry if I failed to describe the problem clearly - improving upon that in the original post.

6

It looks like you are also missing the TLS configuration on the myservice entrypoint.

7

As you have suggested I have removed the line

to: https

and added the tls configuration, so the complete entrypoint config in traefik.yml now corresponds to

    myservice:
         address: ":8080"
         http:
            tls:
                certResolver: http-resolver
            redirections:
                 entryPoint:
                     scheme: https

I noticed that the example configs always specify 'leresolver' however, in our config I find

certificatesResolvers:
    http-resolver:
        acme:
            email: admin@mydomain.com
            storage: /data/acme.json
            httpChallenge:
                entryPoint: http
    tls-resolver:
        acme:
            email: admin@mydomain.com
            storage: /data/acme.json
            tlsChallenge: {}

It now works with both ports, 443 and 8080.

1 Like
8

The name is arbitrary, like you show it is whatever you have configured :+1:

1 Like
9

Thanks so much for your time - it works.
I updated my last response, such that it contains a complete solution to my initial question and marked it as solution.

1 Like
10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.