Hi, I'm using Traefik as reverse-proxy / edge for services that use Gunicorn.
Traefik uses HTTPS, the Gunicorn instances behind it use HTTP.
Gunicorn listens to any of these headers to determine if it should switch scheme - from docs:
{'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
(It works when I use Nginx as reverse proxy instead, with X-Forwarded-Proto.)
Any takes on why this isn't working properly?
The Traefik compose file:
version: "3.3"
services:
  proxy:
    image: "traefik:v2.2"
    command:
      - "--providers.docker=true"
      - "--providers.docker.network=traefik-public"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--log.level=INFO"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=<email>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
    networks:
      - traefik-public
    labels:
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
networks:
  traefik-public:
    external: true
And one of the instances:
version: '3.6'
services:
  instance:
    image: <image>
    networks:
      - traefik-public
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.instance-${COMPOSE_PROJECT_NAME}.rule=Host(`example.se`)"
      - "traefik.http.routers.instance-${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
      - "traefik.http.services.instance-${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=6543"
      - "traefik.http.routers.instance-${COMPOSE_PROJECT_NAME}.tls=true"
      - "traefik.http.routers.instance-${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"
I'm guessing that I should add custom request headers, but I can't get that to stick. My guess is that I simply don't configure the middleware correctly?
Does anyone have some examples of running Gunicorn with a similar setup? Or could point me in the right direction?
All the best,
Robin
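
Added example, not part of the original post and not Gunicorn's source: a simplified Python model of the scheme decision discussed above, showing that the scheme headers are honoured only when the connecting peer is on the server's trusted-proxy list (Gunicorn's `forwarded_allow_ips` setting, documented as loopback-only by default). The function names, the 172.18.0.2 proxy address and the sample headers are constructed for illustration.

```python
# Simplified model (not Gunicorn's source) of how a WSGI server can derive the
# request scheme from proxy headers while trusting only known proxy addresses.

# Header map quoted in the post above (Gunicorn's documented defaults).
SECURE_SCHEME_HEADERS = {
    "X-FORWARDED-PROTOCOL": "ssl",
    "X-FORWARDED-PROTO": "https",
    "X-FORWARDED-SSL": "on",
}


def resolve_scheme(peer_ip, headers, forwarded_allow_ips=("127.0.0.1",),
                   secure_scheme_headers=SECURE_SCHEME_HEADERS):
    """Return "https" or "http" for one request.

    peer_ip             -- address of the TCP peer (the proxy, if any)
    headers             -- iterable of (name, value) pairs as received
    forwarded_allow_ips -- peers whose scheme headers count; "*" trusts all
    """
    trusted = "*" in forwarded_allow_ips or peer_ip in forwarded_allow_ips
    if not trusted:
        # Untrusted peer: ignore the headers, otherwise any client could
        # claim "https" and influence redirects, cookie flags and URL building.
        return "http"

    scheme = None
    for name, value in headers:
        expected = secure_scheme_headers.get(name.upper())
        if expected is None:
            continue
        candidate = "https" if value == expected else "http"
        if scheme is not None and candidate != scheme:
            # Contradictory scheme headers are rejected rather than guessed.
            raise ValueError("conflicting scheme headers")
        scheme = candidate
    return scheme or "http"


# Constructed sample values: 172.18.0.2 stands in for the proxy container.
PROXY_IP = "172.18.0.2"
FORWARDED = [("Host", "example.se"), ("X-Forwarded-Proto", "https")]


def demo():
    return {
        "default_allow_list": resolve_scheme(PROXY_IP, FORWARDED),
        "proxy_allowed": resolve_scheme(PROXY_IP, FORWARDED, (PROXY_IP,)),
        "other_peer": resolve_scheme("203.0.113.9", FORWARDED, (PROXY_IP,)),
    }
```

With a loopback-only allow list, a proxy that connects from a container network address has its `X-Forwarded-Proto` ignored; listing the proxy's address restores `https` without extending that trust to other peers.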