Middleware redirectScheme seemingly ignored

Hi,
I recently upgraded to traefik v2.1.2.
When configuring some servers I attempted to do an HTTP to HTTPS redirect.
Below are the relevant bits of config:

  traefik:
    command:
    - --accesslog=true
    - --api.dashboard=true
    # docker
    - --providers.docker=true
    - --providers.docker.network=${COMPOSE_PROJECT_NAME}_backend
    # file dynamic conf
    - --providers.file.directory=/etc/traefik/conf
    - --providers.file.watch=true
    # acme
    - --certificatesResolvers.cf.acme.email=${EMAIL}
    - --certificatesResolvers.cf.acme.storage=/etc/traefik/acme.json
    - --certificatesResolvers.cf.acme.dnsChallenge=true
    - --certificatesResolvers.cf.acme.dnsChallenge.provider=cloudflare
    # entrypoints
    - --entryPoints.http.address=:80
    - --entryPoints.https.address=:443
    # - --log.level=INFO
    - --log.level=INFO
    environment:
    - "CLOUDFLARE_EMAIL=${CF_MAIL}"
    - "CLOUDFLARE_API_KEY=${CF_KEY}"
    image: traefik:cantal
    labels:
    - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
    - "traefik.http.routers.api.middlewares=https-redirect,ldap-auth"
    - "traefik.http.routers.api.tls=true"
    - "traefik.http.routers.api.tls.certresolver=cf"
    - "traefik.http.routers.api.tls.domains[0].main=${DOMAIN}"
    - "traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}"
    - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN}`)"
    - "traefik.http.routers.api.service=api@internal"
    - "traefik.http.middlewares.ldap-auth.forwardauth.address=http://${DOMAIN}/auth"
    networks:
    - backend
    - default
    ports:
    - "80:80"     # The HTTP port
    - "443:443"   # The HTTPS port
    restart: unless-stopped
    volumes:
    - "/var/run/docker.sock:/var/run/docker.sock:ro" # So that Traefik can listen to the Docker events
    - "${MOUNT}/traefik:/etc/traefik"

I declared in the traefik service labels the https-redirect middleware, which I then used in a service:

  portainer:
    command: --no-auth
    expose:
    - "9000"
    image: portainer/portainer
    labels:
    - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer`)"
    - "traefik.http.routers.portainer.tls=true"
    - "traefik.http.routers.portainer.tls.certresolver=cf"
    - "traefik.http.routers.portainer.middlewares=https-redirect,portainer-redirectregex,portainer-replacepathregex,ldap-auth"
    - "traefik.http.middlewares.portainer-redirectregex.redirectregex.regex=^(.*)/portainer$$"
    - "traefik.http.middlewares.portainer-redirectregex.redirectregex.replacement=$$1/portainer/"
    - "traefik.http.middlewares.portainer-replacepathregex.replacepathregex.regex=^/portainer/(.*)"
    - "traefik.http.middlewares.portainer-replacepathregex.replacepathregex.replacement=/$$1"
    networks:
    - backend
    restart: unless-stopped
    volumes:
    - portainer_data:/data
    - "/var/run/docker.sock:/var/run/docker.sock"

However, no matter how many times I try, it seems it keeps returning a 404 on the chosen path by default, without redirecting to https:

curl --head http://alioth.ovh/portainer
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Sat, 11 Jan 2020 18:31:10 GMT
Content-Length: 19

while using https it works correctly.

curl --head https://DOMAIN/portainer -L
HTTP/2 307
location: https://DOMAIN/portainer/
content-type: text/plain; charset=utf-8
content-length: 18
date: Sat, 11 Jan 2020 18:30:01 GMT

HTTP/2 401
cache-control: no-cache
date: Sat, 11 Jan 2020 18:30:01 GMT
server: BaseHTTP/0.3 Python/2.7.16
www-authenticate: Basic realm="Restricted"
content-length: 0

What am I missing?

Hello,

To create a redirection you need 2 routers:

  • one for http and the redirection to https
  • one for https.

Recommended reading:

Thank you, so either

  traefik:
    command:
    - --accesslog=true
    - --api.dashboard=true
...
    labels:
    # middleware redirect
    - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
    # global redirect to https
    - "traefik.http.routers.upgrade.rule=hostregexp(`{host:.+}`)"
    - "traefik.http.routers.upgrade.entrypoints=http"
    - "traefik.http.routers.upgrade.middlewares=https-redirect"
...

or

  znc:
    container_name: znc
...
    - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
    # global redirect to https
    - "traefik.http.routers.znc-http.rule=PathPrefix(`/znc`)"
    - "traefik.http.routers.znc-http.entrypoints=http"
    - "traefik.http.routers.znc-http.middlewares=https-redirect"

    - "traefik.http.routers.znc-https.rule=PathPrefix(`/znc`)"
    - "traefik.http.routers.znc-https.tls=true"
    - "traefik.http.routers.znc-https.tls.certresolver=cf"
...

would work, if I understand correctly.
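
Added example (not part of the thread and not Traefik's own code): in Traefik v2 a router with a tls section only handles HTTPS requests, so a redirectscheme middleware attached to it never sees plain HTTP. The Python lint below flags TLS routers that list such a middleware when no non-TLS router performs the redirect; the function names, the sample labels and the "HostRegexp means catch-all" heuristic are assumptions made for this illustration.

```python
import re

LABEL = re.compile(r"^traefik\.http\.(routers|middlewares)\.([^.]+)\.(.+?)=(.*)$")

def parse_labels(labels):
    """Split Traefik v2 Docker labels into {name: {option: value}} maps."""
    parsed = {"routers": {}, "middlewares": {}}
    for raw in labels:
        m = LABEL.match(raw.strip().strip('"'))
        if m:
            kind, name, key, value = m.groups()
            parsed[kind].setdefault(name, {})[key.lower()] = value
    return parsed["routers"], parsed["middlewares"]

def tls_routers_missing_http_redirect(labels):
    """TLS routers that list a redirectscheme middleware although no plain-HTTP
    router exists to perform the redirect for their rule."""
    routers, middlewares = parse_labels(labels)
    redirecting = {n for n, c in middlewares.items() if "redirectscheme.scheme" in c}
    def is_tls(cfg):
        return any(k == "tls" or k.startswith("tls.") for k in cfg)
    def redirects(cfg):
        used = {m.strip() for m in cfg.get("middlewares", "").split(",")}
        return bool(used & redirecting)
    # Rules of non-TLS routers that carry the redirect middleware.
    http_rules = [c.get("rule", "") for c in routers.values()
                  if redirects(c) and not is_tls(c)]
    # Assumption: any HostRegexp rule on such a router is treated as a catch-all.
    catch_all = any(r.lower().startswith("hostregexp(") for r in http_rules)
    return sorted(n for n, c in routers.items()
                  if is_tls(c) and redirects(c)
                  and not catch_all and c.get("rule", "") not in http_rules)

# Constructed samples modelled on the labels posted in this thread.
BROKEN = [
    "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https",
    "traefik.http.routers.portainer.rule=PathPrefix(`/portainer`)",
    "traefik.http.routers.portainer.tls=true",
    "traefik.http.routers.portainer.middlewares=https-redirect,ldap-auth",
]
PER_SERVICE_FIX = BROKEN + [
    "traefik.http.routers.portainer-http.rule=PathPrefix(`/portainer`)",
    "traefik.http.routers.portainer-http.entrypoints=http",
    "traefik.http.routers.portainer-http.middlewares=https-redirect",
]

if __name__ == "__main__":
    print(tls_routers_missing_http_redirect(BROKEN))
    print(tls_routers_missing_http_redirect(PER_SERVICE_FIX))
```

The lint reports the original portainer setup and goes quiet once either the per-service HTTP router or a global HostRegexp redirect router is present.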