Migrating from v1.7 to v2.0 ssl redirect

Traefik Traefik v2 (latest)
1

The docs don't have any information on migrating from 1.7 to 2.0.

I'm looking at figuring out how to do what I did in 1.7 on 2.0, but things seem quite a bit different in some regards.

For example - the http to https redirect at the traffic layer isn't clear to me in 2.0. I'm using swarm - and the inline labels / config for 1.7

i.e. cli approach

  command:
    - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
    - "--entrypoints=Name:https Address::443 TLS:/certs/sa-local.crt,/certs/sa-local.key"
    - "--defaultentrypoints=http,https"
2

Hi @kyle,

This following example allows to apply an HTTP to HTTPS redirect with the v2.0.0-alpha8 Traefik.

# docker-compose.yml
rproxy:
  image: traefik:v2.0.0-alpha8
  command:
    - --log.level=DEBUG
    - --providers.file.filename=/etc/traefik/dyn_conf.toml
    - --entrypoints.web.address=:80
    - --entrypoints.web-secured.address=:443
  volumes:
    - ./certs/server.pem:/app/certs/server/server.pem
    - ./certs/server.key:/app/certs/server/server.key
    - ./dyn_conf.toml:/etc/traefik/dyn_conf.toml:ro
    - /var/run/docker.sock:/var/run/docker.sock
  ports:
    - '443:443'                                             # https port
    - '80:80'                                               # http port

api:
  image: containous/whoami
  labels:
    - traefik.http.routers.web.entrypoints=web
    - traefik.http.routers.web.rule=Host(`whoami.docker.localhost`)
    - traefik.http.routers.web.middlewares=redirect@file
    - traefik.http.routers.web-secured.rule=Host(`whoami.docker.localhost`)
    - traefik.http.routers.web-secured.entrypoints=web-secured
    - traefik.http.routers.web-secured.tls=true

# dyn_conf.toml
[http.middlewares]
  [http.middlewares.redirect.redirectscheme]
    scheme = "https"

[tls]
  [[tls.certificate]]
    certFile = "/app/certs/server/server.pem"
    keyFile = "/app/certs/server/server.pem"

The dynamic configuration allows to defines the TLS configuration and the redirect middleware that are usable by all other providers as redirect@file (the name@provider).

To avoid repeating the label traefik.http.routers.XXX.rule=Host(`whoami.docker.localhost`) on each docker service on the future, you might want to look for the new defaultrule: - --providers.docker.defaultrule=Host(`{{ .Name }}.example.com`) to define a default rule to apply to all routers without specific rule.

To have more details on the configuration and the mechanism, I encourage you to read some related documentation :

I hope it answers your question. :slight_smile:

3

Thanks! I think I unfairly created a two part question - One aspect is indeed figuring out how to solve that scenario (perfect, thank-you) - the other is how to better represent migration between versions in the documentation. i.e. an upgrade guide, or something. This second aspect is specifically because I'd already thoroughly read through all the docs you recommended prior to asking the question.

4

Thank you for this feedback.

I agree we have to improve the documentation and/or provide samples to help users to have an easier migration between the v1 and the v2.

1 Like
5

How would this be done leveraging a dynamic configuration? I was just testing this and tried the following...

http:
  routers:
    rtr00:
      entrypoints:
      - "http"
      rule: "Host(`rtr00.domain.com`)"
      middlewares:
      - "redirect@file"
      service: rtr00
    rtr00-secure:
      entrypoints:
      - "https"
      rule: "Host(`rtr00.domain.com`)"
      service: rtr00
      tls:
        certResolver: default
        domains:
        - main: "*.domain.com"
  middlewares:
    redirectScheme:
      scheme: https
  services:
    rtr00:
      loadBalancer:
        servers:
        - url: "https://1.1.1.1:443"
        passHostHeader: true

However that doesn't seem to be the appropriate primitive which makes sense as we're already in the file. How do I reference the "middlewares" without having given it a name?

I'm also referencing this using a Docker provider and tags, which works fine. I'd like to use both static and dynamic configuration across the common redirect middleware.

EDIT
This actually works. I had an error in my entrypoint for the non-https router.

6

Hi @dmio,

Concerning the configuration you provided, the name of the middleware is missing.
You can found a sample in the redirectScheme documentation, it should be something like:

http:
  middlewares:
    redirect:
      redirectScheme:
        scheme: https

If you want to use the redirect middleware declared in a File configuration from Docker, you have to:

  • activate the File provider with a filename or directory that contains your dynamic configuration
  • Add the middleware definition in the dynamic configuration file
  • activate the Docker provider
  • then you have to use the name of the middleware in the docker container label like :
- traefik.http.routers.rtr00.rule=Host(`rtr00.domain.com`)
- traefik.http.routers.rtr00.entrypoints=web
- traefik.http.routers.rtr00.middlewares=redirect@file
- traefik.http.routers.rtr00.service=rtr00

I'm not sure to understand the point on static and dynamic configuration. The configuration of middlewares and routers is dynamic whether it is in a file or in labels.

You can refer to the migration guide to have more details.