HTTPS scheme not working

camo · October 15, 2019, 12:25pm

Using both traefik v1.7 and v2.0 I am hitting the below issue when using https on a site run with apache2 and ssl enabled within the container. I have seen this raised before but with no clear solution. Any help would be appreciated.

400 Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Build Files

Real domain been replaced with example.com below.
Valid SSL certs and domain are being used on testing

Traefik

version: '3.7'

networks:
  front-end:
    name: front-end
    driver: overlay
    attachable: true

services:
  traefik:
    image: "traefik:v2.0"
    hostname: traefik
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./certs.yaml:/etc/traefik/certs.yaml"
      - "/ssl/certs:/ssl/certs"
    labels:
      - "traefik.docker.lbswarm=true"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.file.filename=/etc/traefik/certs.yaml
      - --providers.docker.swarmMode=true
      - --accesslog=true
      - "--log.level=DEBUG"
    networks:
      - front-end

Application

version: '3.7'

networks:
  front-end:
    external: true
  back-end:
    external: true

services:
  app:
    image: internal.example.image:apache2
    volumes:
      - /app/code:/var/www
      - /ssl/certs:/ssl
    deploy:
      labels:
        # redirect
        - "traefik.http.middlewares.app-ssl.redirectscheme.scheme=https"
        # http
        - "traefik.http.routers.app-norm.entrypoints=web"
        - "traefik.http.routers.app-norm.rule=Host(`example.com`)"
        - "traefik.http.routers.app-norm.middlewares=app-ssl@docker"
        # https
        - "traefik.http.services.app-ssl.loadbalancer.server.port=80"
        - "traefik.http.routers.app-ssl.entrypoints=websecure"
        - "traefik.http.routers.app-ssl.rule=Host(`example.com`)"
        - "traefik.http.routers.app-ssl.tls=true"

    networks:
      - front-end
      - back-end

Debug

ime="2019-10-15T11:19:10Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en;q=0.5\"],\"Cache-Control\":[\"max-age=0\"],\"Connection\":[\"keep-alive\"],\"Dnt\":[\"1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0\"],\"X-Forwarded-Host\":[\"example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"traefik\"],\"X-Real-Ip\":[\"192.168.100.3\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"192.168.100.3:26113\",\"RequestURI\":\"/\",\"TLS\":null}"
time="2019-10-15T11:19:10Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://10.0.6.128:443" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en;q=0.5\"],\"Cache-Control\":[\"max-age=0\"],\"Connection\":[\"keep-alive\"],\"Dnt\":[\"1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0\"],\"X-Forwarded-Host\":[\"example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"traefik\"],\"X-Real-Ip\":[\"192.168.100.3\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"192.168.100.3:26113\",\"RequestURI\":\"/\",\"TLS\":null}"

Topic		Replies	Views
Https with valid cert not works Traefik v2 docker , file	0	395	December 6, 2019
Redirect scheme (http to https) not working Traefik v2 middleware	6	4307	October 10, 2022
Http is working - https is not Traefik v2 docker	7	2928	February 15, 2021
Throws no error but also doesnt establish a https connection http is working fine Traefik v2 docker , middleware	6	23	September 23, 2024
Cannot get http -> https redirect to work properly Traefik v2 docker , middleware	3	1868	December 12, 2019

HTTPS scheme not working

Build Files

Debug

Related topics