Issues doing HTTPS redirect from <WAN-IP> to <DNS-DOMAIN-NAME>

Hi everyone!

I have a Traefik v3 server hosted on my internal infrastructure and I'm having issues convincing it to do a redirect for one of my services (which is also hosted on my internal network) from https://<WAN-IP> to https://<DNS-DOMAIN-NAME>. The DNS A record exists on a public DNS server and I have the port forwarding rule configured on my router so that it passes HTTPS traffic to Traefik.

I've been going through Traefik's documentation and I've also done a lot of testing, but still ... no luck in getting it to work.

Here's part of my Traefik dynamic configuration:

http:
  middlewares:
    [...]
    https-redirectregex:
      redirectRegex:
        regex: "^https://<WAN-IP>/(.*)"
        replacement: "https://<DNS-DOMAIN-NAME>"
        permanent: true
  routers:
    [...]
    my-router:
      rule: "Host(`<DNS-DOMAIN-NAME>`)"
      entryPoints:
        - "websecure"
      service: "my-svc"
      tls:
        certResolver: "external-ca"
        options: "intermediate@file"
    my-redirect-router:
      rule: "Host(`<WAN-IP>`)"
      entrypoints:
        - websecure
      middlewares:
        - https-redirectregex
      service: dummyservice
  services:
    dummyservice:
      loadBalancer:
        serversTransport: "insecure-transport"
        servers:
          - url: "http://dummy"  # Dummy placeholder
    my-svc:
      loadbalancer:
        passHostHeader: true
        serversTransport: "insecure-transport"
        servers:
          - url: "https://<INTERNAL-SERVER-IP>"
  serversTransports:
    insecure-transport:
      insecureSkipVerify: true

The my-router works fine: it issues the LE SSL certificate, and when requests for https://<DNS-DOMAIN-NAME> hit Traefik, it forwards those requests as per the my-svc service to the internal IP of the server that provides the needed service.

my-redirect-router, on the other hand, doesn't do the needed redirect. If I try to access https://<WAN-IP> externally, I get a warning that an invalid security certificate is used (see attachments).

And the certificate seems to be some default self-signed certificate from Traefik:

... and if I Accept the Risk and Continue I'll end up hitting a webpage containing this text:

404 page not found

I'm really hoping to find some community users with a better understanding of Traefik's configuration who can help me understand what I have missed so far or what I have misunderstood.

Thanks in advance!

How do you want to get a public browser trusted LetsEncrypt TLS cert for a WAN IP?

That’s not possible, you need to have a domain name.

Connecting with https to an IP will always throw a TLS error in your client/browser.

Thanks for your reply @bluepuma77.

So to be clear, I want URL https://<WAN-IP> (no SSL certificate) to be redirected to SSL signed https://subdomain.domain.com (for example).

Again, I might not understand the whole idea of how this redirect normally works ...
Does the redirect work only if the source URL is SSL signed?

Thanks in advance.

After doing some more reading, I do need for the source https URL to have an SSL certificate.

Can't I just configure Traefik to throw a 400 if it sees a request from https://<WAN-IP>? I presume this is not considered a redirect.

The client/browser usually won’t even get to do a redirect, because it will just throw a TLS error for unknown certificate before.

Thanks for your replies, @bluepuma77.
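
The point made in the replies, that a client checks the certificate before it ever reads an HTTP redirect, shown as an added example that is not part of the original thread. It models a strict client's name check in Python; the IP address, domain and certificate SAN lists are constructed sample values, and `DEFAULT_CERT` is only a stand-in for a proxy's self-signed fallback certificate.

```python
import ipaddress
from typing import Optional

# Constructed sample values (not from the thread): documentation IP and domain.
WAN_IP = "203.0.113.10"
DOMAIN = "app.example.com"

# SAN lists in the shape ssl.SSLSocket.getpeercert() returns them (constructed).
DOMAIN_CERT = {"subjectAltName": (("DNS", DOMAIN),)}               # CA-issued, domain only
DEFAULT_CERT = {"subjectAltName": (("DNS", "fallback.invalid"),)}  # self-signed stand-in


def cert_matches(host: str, cert: dict) -> bool:
    """RFC 6125-style check: does any SAN entry cover the host taken from the URL?"""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches an iPAddress SAN, never a DNS SAN.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    host = host.lower().rstrip(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False


def client_fetch(host: str, served_cert: dict, location: Optional[str]):
    """Model a strict client: verify the certificate first, read HTTP second."""
    if not cert_matches(host, served_cert):
        return ("tls-error", None)  # handshake aborted, the redirect is never read
    if location:
        return ("redirect", location)
    return ("ok", None)
```

Only a certificate that lists the IP address itself as a SAN lets the client reach the redirect; a certificate for the domain name does not help a request made to the bare IP.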
