Possible to rewrite host:port?

Hi folks,
I am currently updating several internal services to use Traefik.

I need to update an internal service from the old URL to the new URL, incl. its legacy ports, which are to be redirected.

OLD:
http://FQDN:18081/nexus (legacy-web)
https://FQDN:18443/nexus (legacy-websecure)

NEW
http://FQDN (web > websecure)
https://FQDN (websecure)

I configured Traefik to listen on both legacy ports as well, but I keep failing to redirect
legacy-web to web.

This needs to work for a short time only, so internals have enough time to update their URLs, including code lines.

Any idea how to achieve this, please?

I managed to get it working once, but then the next request fails. I found out that if I delete the HSTS settings for this one FQDN, it will work again one time.

kind regards

Share your full Traefik static and dynamic config, and Docker compose file(s) if used.

hi bluepuma,
this is my docker-compose.yml from nexus

cat /home/nexus/docker-compose.yml
services:
  nexussyst:
    #image: nexus3-fixed:3.70.4
    image: nexus3-fixed:3.80.0
    container_name: nexussyst
    restart: always
    networks:
      - traefik
    volumes:
      - /app/lib/nexussyst:/nexus-data
      - /app/lib/nexussyst/keystores:/opt/sonatype/nexus/etc/ssl
      - /app/lib/nexussyst/secrets:/opt/sonatype/nexus/secrets
    environment:
      - TZ=Europe/Zurich
      - NEXUS_SECRETS_KEY_FILE=/opt/sonatype/nexus/secrets/keyfile.json
      - INSTALL4J_ADD_VM_PARAMS=-Xms8276m -Xmx8276m -Djava.util.prefs.userRoot=/nexus-data/javaprefs
    labels:
      - "traefik.enable=true"

      - "traefik.http.routers.nexus.rule=Host(`FQDN`)"
      - "traefik.http.routers.nexus.entrypoints=websecure"
      - "traefik.http.routers.nexus.tls=true"
      - "traefik.http.routers.nexus.tls.certresolver=custom-acme"

      - "traefik.http.services.nexus.loadbalancer.server.port=8081"

      - "traefik.http.middlewares.nexus-headers.headers.stsSeconds=31536000"
      - "traefik.http.routers.nexus.middlewares=nexus-headers"

networks:
  traefik:
    external: true

my traefik.yml

cat traefik.yml
global:
  checkNewVersion: false

api:
  insecure: true
  dashboard: true
  debug: true

log:
  level: DEBUG

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
#Legacy ports
  legacyport:
    address: ":18443"
  legacyport2:
    address: ":18081"


providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

  file:
    filename: /etc/traefik/dynamic.yml
    watch: true

certificatesResolvers:
  custom-acme:
    acme:
      email: "myTEAM@Mail"
      storage: /acme/acme.json
      caServer: "PKIURL"
      httpChallenge:
        entryPoint: "web"

my dynamic.yml

cat dynamic.yml
http:
  routers:
    legacy-18081:
      entryPoints:
        - legacyport2  # 18081 HTTP
      rule: "Host(`FQDN`)"
      middlewares:
        - redirect-to-legacy-https
      service: nexussyst-service
      tls: false

    legacy-18443:
      entryPoints:
        - legacyport  # 18443 HTTPS
      rule: "Host(`FQDN`)"
      middlewares:
        - redirect-to-main
      service: nexussyst-service
      tls: true

  middlewares:
    redirect-to-legacy-https:
      redirectScheme:
        scheme: https
        port: "18443"
        permanent: true

    redirect-to-main:
      redirectRegex:
        regex: "^https?://([^/:]+):18443(/.*)?$"
        replacement: "https://$1$2"
        permanent: true

  services:
    nexussyst-service:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:8081"

Traefik's compose.yml

cat docker-compose.yml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    entrypoint:
      - /bin/sh
      - -c
      - |
        cp /certs/root-ca.crt /usr/local/share/ca-certificates/ && \
        update-ca-certificates && \
        exec traefik --configFile=/etc/traefik/traefik.yml
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "18081:18081"
      - "18443:18443"
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ./certs/acme.json:/acme/acme.json
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik
    environment:
      - NO_PROXY=localhost,127.0.0.1
networks:
  traefik:
    external: true

You want old http:18081 to https:18443? Does path matter?
At the same time you want http:80 to https:443, correct?

What's "the next request"? Is it a GUI web app? Will hard-coded links still point to the old URL before redirect?

hi bluepuma77

Thanks for taking the time to look into this.
I managed to get it working 100% as required.

It's a new Nexus system.
The customer used to run it with:

old web port 18081
old websecure 18443
context path = /nexus

Now, as I redesign their infrastructure, I removed the old ports and introduced an http-to-https redirect
alongside auto cert management using Traefik.
The customer asked for the option to allow its dev teams to still reach Nexus using the old requests (http/18081, https/18443 + path /nexus).

That's what I was facing.
By generally adding middleware that redirects requests from 18081 directly to 443 and stripping the path /nexus, I ended up getting only one single working redirect. The next try in the same tab led me to a simple replacement of the protocol with https, which of course makes Traefik respond with a 404.

Now I added to my traefik.yml something like this:

  legacyport:
    address: ":18443"
  legacyport2:
    address: ":18081"
    http:
      redirections:
        entryPoint:
          to: legacyport

The dynamic.yml now contains an additional middleware + router to handle every single redirect situation.
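Why the redirect worked once and then failed until the HSTS entry was deleted, as an added example that is not part of the original posts: once the browser has cached the `stsSeconds` policy for the FQDN, it rewrites `http://` to `https://` before sending and keeps any port other than 80 (RFC 6797 section 8.3), so the plain-HTTP entry point on 18081 receives an HTTPS request. The host name `nexus.example.internal` and the helper names are constructed for illustration; the regex is the one from the posted `redirect-to-main` middleware.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// hstsUpgrade models RFC 6797 section 8.3 for a host with a cached HSTS policy:
// http becomes https, an explicit :80 is dropped, any other port is kept.
func hstsUpgrade(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "http" {
		return raw
	}
	u.Scheme = "https"
	if u.Port() == "80" {
		u.Host = u.Hostname()
	}
	return u.String()
}

// Legacy entry points from the page and whether their router terminates TLS.
var legacyTLS = map[string]bool{"18081": false, "18443": true}

// firstHop returns the URL the browser really sends for a legacy URL and
// whether its scheme matches what the entry point on that port speaks.
func firstHop(typed string, hstsCached bool) (string, bool) {
	sent := typed
	if hstsCached {
		sent = hstsUpgrade(typed)
	}
	u, err := url.Parse(sent)
	if err != nil {
		return sent, false
	}
	tls, known := legacyTLS[u.Port()]
	return sent, known && tls == (u.Scheme == "https")
}

// Regex and replacement of the page's redirect-to-main middleware.
var toMain = regexp.MustCompile(`^https?://([^/:]+):18443(/.*)?$`)

func main() {
	const legacy = "http://nexus.example.internal:18081/nexus" // constructed host
	fmt.Println(firstHop(legacy, false)) // first visit, no policy cached yet
	fmt.Println(firstHop(legacy, true))  // after stsSeconds was received once
	fmt.Println(toMain.ReplaceAllString("https://nexus.example.internal:18443/nexus", "https://${1}${2}"))
}
```

The last line also shows that the posted regex carries `/nexus` over to the new host unchanged, so dropping the old context path has to be handled in the replacement or by a separate middleware.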
