Hey there,
I'm considering using traefik as a reverse proxy for 2 main purposes:
- Avoid port in URL
- Having multiple hosts for the same container
Simplified context: I actually have an https app containing a node server (could be dotnet app) and listening on https://domain:port. There is an endpoint that prints "ok" if the server is reached.
I set up traefik to be able to access "https://domain" and be forwarded to the right container.
docker-compose
version: '2.2'
services:
  reverse:
    image: traefik:v2.5
    hostname: traefik.domain
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./configuration/:/configuration/
      - ./certs/:/tools/certs/:ro
    command:
      - --log.level=debug
      - --api.dashboard=true
      - --pilot.dashboard=false
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.forwardedHeaders.insecure=true
    labels:
      traefik.enable: 'true'
      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.domain`)
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.entrypoints: websecure
  myservice:
    image: myserver/myimage
    hostname: myhostname
    environment:
      - ...
    volumes:
      - ...
    labels:
      traefik.enable: 'true'
      traefik.http.routers.myservice.rule: Host(`myhostname`)
      traefik.http.routers.myservice.tls: 'true'
      traefik.http.services.myservice.loadbalancer.server.port: 443
      # traefik.http.routers.myservice.entrypoints: websecure <= Tried this.
      # Also tried the following configuration =>
      # traefik.http.routers.myservice.middlewares: myserviceredirect
      # traefik.http.middlewares.myserviceredirect.redirectscheme.scheme: https
      # traefik.http.middlewares.myserviceredirect.redirectscheme.permanent: true
      # traefik.http.services.myservice.loadbalancer.passHostHeader: true
configuration/certificates.yml
tls:
  options:
    default:
      sniStrict: true
  certificates:
    - certFile: /tools/certs/cert1.io.crt
      keyFile: /tools/certs/cert1.key
    - ...
When I try to reach the following endpoint: https://myhostname/check, I get a gateway timeout.
When I check logs on the reverse proxy, I see that the forward URL is "http" instead of "https".
time="2021-10-29T12:33:11Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://XXX.XX.XX.XXX:443" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/check\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"fr-FR,fr;q=0.9\"],\"Sec-Ch-Ua\":[\"\\\"Google Chrome\\\";v=\\\"95\\\", \\\"Chromium\\\";v=\\\"95\\\", \\\";Not A Brand\\\";v=\\\"99\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Ch-Ua-Platform\":[\"\\\"Windows\\\"\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36\"],\"X-Forwarded-Host\":[\"myhostname\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"traefik.domain\"],\"X-Real-Ip\":[\"XXX.XX.XXX.X\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"myhostname\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"XXX.XX.XXX.X:62259\",\"RequestURI\":\"/check\",\"TLS\":null}"
What am I missing?
Note: If I set the node server listening on http://myhostname:80 and set port 80 for the loadbalancer, the forward URL is OK and I can reach the endpoint.
I really need the forward URL scheme to be https and not http.
Thanks in advance.
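
As an added example (not part of the original post), a small Python check that parses Traefik debug lines of the kind shown above and flags requests forwarded as plain HTTP to a TLS port. The sample lines are constructed, the 192.0.2.10 address is a placeholder, and the `TLS_PORTS` set and verdict names are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

# logrus text format: key=value, values optionally double-quoted with backslash escapes
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
TLS_PORTS = {443, 8443}  # assumption: ports where the backend expects a TLS handshake

# Constructed sample line, shaped like the debug line in the post (headers shortened)
TEMPLATE = (
    r'time="2021-10-29T12:33:11Z" level=debug '
    r'msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" '
    r'ForwardURL="%s" Request="{\"Method\":\"GET\",\"Header\":'
    r'{\"X-Forwarded-Proto\":[\"https\"]},\"Host\":\"myhostname\",'
    r'\"RequestURI\":\"/check\",\"TLS\":null}"'
)
SAMPLE = [TEMPLATE % u for u in ("http://192.0.2.10:443",
                                 "https://192.0.2.10:443",
                                 "http://192.0.2.10:80")]
SAMPLE.append('time="2021-10-29T12:33:12Z" level=debug msg="constructed unrelated line"')

def parse_fields(line):
    """Split one log line into a dict, decoding quoted values."""
    fields = {}
    for key, raw in FIELD.findall(line):
        # The quoting used in these lines is decodable as a JSON string
        fields[key] = json.loads(raw) if raw.startswith('"') else raw
    return fields

def check_forward(line):
    """Return (backend_url, verdict) for a forwarding line, None for other lines."""
    f = parse_fields(line)
    if "ForwardURL" not in f:
        return None
    url = urlsplit(f["ForwardURL"])
    req = json.loads(f.get("Request", "{}"))  # Request is JSON inside a quoted value
    headers = req.get("Header") or {}
    client_proto = (headers.get("X-Forwarded-Proto") or [""])[0]
    if url.scheme == "http" and url.port in TLS_PORTS:
        verdict = "plaintext-to-tls-port"      # the symptom described in the post
    elif url.scheme == "http" and client_proto == "https":
        verdict = "tls-terminated-at-proxy"    # internal hop is unencrypted
    else:
        verdict = "ok"
    return f["ForwardURL"], verdict

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_forward(line))
```

A `plaintext-to-tls-port` verdict matches the forward URL seen in the post. In Traefik v2 the backend scheme comes from the `traefik.http.services.<name>.loadbalancer.server.scheme` label, which defaults to `http`.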