Passthrough for http and redirect

Traefik Traefik v2
1

Good afternoon.

For one of the hosts, forward from http to https.
That is, the site itself has a certificate, while traefik does not use certificates.

error in logs

level=error msg="Error occurred during watcher callback: /traefik/config/custom/host201.srv.xxx.xx.yaml: field not found, node: passthrough" providerName=file

Do I understand correctly that passthrough is used for tcp? How then to be with https?

traefik info

Version:      2.8.1
Codename:     vacherin
Go version:   go1.17.11
Built:        2022-07-11T14:06:57Z
OS/Arch:      linux/amd64

## Static configuration yaml
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
log:
  filePath: "/var/log/traefik.log"
  format: common
  level: DEBUG

accessLog:
  filePath: "/var/log/traefik_access.log"
  format: common
  fields:
    defaultMode: debug

http:
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints:
      - http
      middlewares:
      - redirect-to-https
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

providers:
  file:
    directory: /traefik/config/custom
    watch: true

## Dynamic configuration yaml
http:
  routers:
    host_host201.srv.xxx.xx:
      service: service-host_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - http
      - https
      tls:
        passthrough: true
  services:
    service-host_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - url: "https://172.16.16.2"
2

Hi,
Have you tried to redirect to url: "http://172.16.16.2" instead of https?
So that HTTP requests will be forwarded as-is and HTTPS request will get redirected to port 443 (I think).

Another solution would be to have two different routers, one listening on the http endpoint and redirecting to http://url and the other listening on the https endpoint and having passthrough: true enabled.

3

2_bryanpedini thank you for your time.

I just need to redirect http to https while the proxy does not have a certificate.

If you replace url: "https://172.16.16.2" with url: "http://172.16.16.2" then the "field not found, node: passthrough" error remains.
In this case, even if you go to the address https://host201.srv.xxx.xx then "ERR_TOO_MANY_REDIRECTS"

4

It turned out to make a redirect and the site opens. But traefik substitutes its certificate instead of the site's certificate.

http:
  routers:
    host_host201.srv.xxx.xx:
      service: service-host_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - https
      tls: {}
  services:
    service-host_host201.srv.xxx.xx:
      loadBalancer:
        serversTransport: transport_host201.srv.xxx.xx
        servers:
        - url: https://172.16.16.2
        passHostHeader: true  

  serversTransports: 
    transport_host201.srv.xxx.xx: 
      insecureSkipVerify: true
5

and nothing.
https is working, http is not, although there are entrypoints, but the output is an error

404 page not found

tcp:

  routers:
    routes_host201.srv.xxx.xx:
      service: service_host201.srv.xxx.xx
      entryPoints:
      - http 
      - https
      rule: "HostSNI(`host201.srv.xxx.xx`)"
      tls:
        passthrough: true

  services:
    service_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - address: "172.16.16.2:443"

logs

level=debug msg="Adding Passthrough route for \"HostSNI(`host201.srv.xxx.xx`)\"" entryPointName=https routerName=routes_host201.srv.xxx.xx@file
level=debug msg="Adding Passthrough route for \"HostSNI(`host201.srv.xxx.xx`)\"" entryPointName=http  routerName=routes_host201.srv.xxx.xx@file
level=debug msg="Creating TCP server 0 at 172.16.16.2:443" entryPointName=https serverName=0 routerName=routes_host201.srv.xxx.xx@file serviceName=service_host201.srv.xxx.xx
level=debug msg="Creating TCP server 0 at 172.16.16.2:443" entryPointName=http  serverName=0 routerName=routes_host201.srv.xxx.xx@file serviceName=service_host201.srv.xxx.xx
6

hi all

I looked at the traffic and this is what happened.
If I used https then I see how the computer connects to the traefik and then the trajevik connects to the server.
If you use http, then the computer connects to the traffic and that's it.

7

Kiitos kaikille.
Problem solved.

http:

  routers:
    host_http_host201.srv.xxx.xx:
      service: service-host_http_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - http

  services:
    service-host_http_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - url: "http://172.16.10.2"
        passHostHeader: tru
        
tcp:

  routers:
    routes_tcp_host201.srv.xxx.xx:
      service: service_tcp_host201.srv.xxx.xx
      rule: "HostSNI(`host201.srv.xxx.xx`)"
      entryPoints:
      - https
      tls:
        passthrough: true

  services:
    service_tcp_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - address: "172.16.16.2:443"
1 Like
8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.