I just configured traefik and i got a question about entrypoints.
I want that every request from outside my home network goes through https, (tell me if i'm saying wrong) so i use only port 443 and i think port 80 is useless, then i tried to remove web (:80) entrypoint and closed port 80 forwarding on home router and all other port 80 dependencies, and everything works fine (i can reach services from outside home network through https request).
I don't know if i'm asking a wrong question, but can use only port 443 and remove port 80?
Do i need port 80 for something?
Or instead can i use port 443 for https request only from WAN and port 80 for request only from LAN?
Greetings! 
Even considering HSTS and HTTPS, HTTPS-Only Standard, HTTPS-First, and other transitions towards HTTPS, nowadays, usually, it's still required knowing the amount of TCP clients which may try http://
by default (:80
for decades) and only then try https
(:443
for decades) or not at all. Both ports are stated in Service Name and Transport Protocol Port Number Registry
at Internet Assigned Numbers Authority (IANA
).
Therefore, some single or two clients may still try connecting to you on 80 and if you have a proxy or any kind of redirection, and if configured that way and it all matches expected requests, the client should receive 301 HTTP, 302 HTTP, or any other prior chosen redirection kind to an endpoint/location with HTTPS schema and proper secure layer applied like Transport Layer Security (TLS
).
Current version of modern browsers like Google Chrome v117, for example, will automatically try HTTPS first with default configuration set, later HTTP, and only then show a failure message like ERR_CONNECTION_TIMED_OUT
if non resolved in successful TCP connection with the protocol/schema implicitly stated URI/URL/location like ://example.com
, example.com
or even 192.168.0.1
.
Have you tried curl -v http://your-domain.com
with the redirection set up for example? Please check out mixed content
term also if you haven't yet.
In other words, usually in various major cases, port :80
is used to redirect these clients which try HTTP
first. Some might state it's an additional step for less issues on clients side knowing how ineffably marvelous the World and History we know is... and how many magnificent implementations are out there...
It’s not mandatory, but clients usually try first to connect to port 80 using http, so most people place a redirect there.