Passthrough for http and redirect

Good afternoon.

For one of the hosts, forward from http to https.
That is, the site itself has a certificate, while traefik does not use certificates.

error in logs

level=error msg="Error occurred during watcher callback: /traefik/config/custom/host201.srv.xxx.xx.yaml: field not found, node: passthrough" providerName=file

Do I understand correctly that passthrough is used for tcp? How then to be with https?

traefik info

Version:      2.8.1
Codename:     vacherin
Go version:   go1.17.11
Built:        2022-07-11T14:06:57Z
OS/Arch:      linux/amd64
## Static configuration yaml
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
log:
  filePath: "/var/log/traefik.log"
  format: common
  level: DEBUG

accessLog:
  filePath: "/var/log/traefik_access.log"
  format: common
  fields:
    defaultMode: debug

http:
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints:
      - http
      middlewares:
      - redirect-to-https
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

providers:
  file:
    directory: /traefik/config/custom
    watch: true
## Dynamic configuration yaml
http:
  routers:
    host_host201.srv.xxx.xx:
      service: service-host_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - http
      - https
      tls:
        passthrough: true
  services:
    service-host_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - url: "https://172.16.16.2"

Hi,
Have you tried to redirect to url: "http://172.16.16.2" instead of https?
So that HTTP requests will be forwarded as-is and HTTPS request will get redirected to port 443 (I think).

Another solution would be to have two different routers, one listening on the http endpoint and redirecting to http://url and the other listening on the https endpoint and having passthrough: true enabled.

2_bryanpedini thank you for your time.

I just need to redirect http to https while the proxy does not have a certificate.

If you replace url: "https://172.16.16.2" with url: "http://172.16.16.2" then the "field not found, node: passthrough" error remains.
In this case, even if you go to the address https://host201.srv.xxx.xx then "ERR_TOO_MANY_REDIRECTS"

It turned out to make a redirect and the site opens. But traefik substitutes its certificate instead of the site's certificate.

http:
  routers:
    host_host201.srv.xxx.xx:
      service: service-host_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - https
      tls: {}
  services:
    service-host_host201.srv.xxx.xx:
      loadBalancer:
        serversTransport: transport_host201.srv.xxx.xx
        servers:
        - url: https://172.16.16.2
        passHostHeader: true  

  serversTransports: 
    transport_host201.srv.xxx.xx: 
      insecureSkipVerify: true 

and nothing.
https is working, http is not, although there are entrypoints, but the output is an error

404 page not found

tcp:

  routers:
    routes_host201.srv.xxx.xx:
      service: service_host201.srv.xxx.xx
      entryPoints:
      - http 
      - https
      rule: "HostSNI(`host201.srv.xxx.xx`)"
      tls:
        passthrough: true

  services:
    service_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - address: "172.16.16.2:443"

logs

level=debug msg="Adding Passthrough route for \"HostSNI(`host201.srv.xxx.xx`)\"" entryPointName=https routerName=routes_host201.srv.xxx.xx@file
level=debug msg="Adding Passthrough route for \"HostSNI(`host201.srv.xxx.xx`)\"" entryPointName=http  routerName=routes_host201.srv.xxx.xx@file
level=debug msg="Creating TCP server 0 at 172.16.16.2:443" entryPointName=https serverName=0 routerName=routes_host201.srv.xxx.xx@file serviceName=service_host201.srv.xxx.xx
level=debug msg="Creating TCP server 0 at 172.16.16.2:443" entryPointName=http  serverName=0 routerName=routes_host201.srv.xxx.xx@file serviceName=service_host201.srv.xxx.xx

hi all

I looked at the traffic and this is what happened.
If I used https then I see how the computer connects to the traefik and then the trajevik connects to the server.
If you use http, then the computer connects to the traffic and that's it.

Kiitos kaikille.
Problem solved.

http:

  routers:
    host_http_host201.srv.xxx.xx:
      service: service-host_http_host201.srv.xxx.xx
      rule: "Host(`host201.srv.xxx.xx`)"
      entryPoints:
      - http

  services:
    service-host_http_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - url: "http://172.16.10.2"
        passHostHeader: tru
        
tcp:

  routers:
    routes_tcp_host201.srv.xxx.xx:
      service: service_tcp_host201.srv.xxx.xx
      rule: "HostSNI(`host201.srv.xxx.xx`)"
      entryPoints:
      - https
      tls:
        passthrough: true

  services:
    service_tcp_host201.srv.xxx.xx:
      loadBalancer:
        servers:
        - address: "172.16.16.2:443"

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.