Problem with www to non-www redirect because of HSTS

I'm trying to redirect https://www.domain.com to https://domain.com but I have an issue. When I curl https://www.domain.com, I get an HSTS error and I'm not redirected. Basically my browser (curl) wants to approve the SSL certificate first I think, and it's failing, that's why Chrome shows an HSTS issue.

This is my router. I tried removing the tls: option too.

    www-to-nonwww:
      entryPoints:
        - https
      rule: "HostRegexp(`{host:(www\\.).+}`)"
      service: noop@internal
      tls:
        certResolver: le
      middlewares:
        - https-nonwww

My certResolver works fine with the normal router (the one with rule: https://domain.com).

Any idea?

I'm sure that curl does not care for HSTS; it will be a certificate error because it will be using the self-signed Traefik default certificate.

Chrome will show the HSTS error for the same reason. It is an HSTS error (vs a plain certificate error) because this site has presented an HSTS at some point in the past or it is an HSTS site compiled into the browser.

You have no definitive host in the rule for le to resolve a certificate to.

You can either make your rule a Host rule: Host(`www.domain.com`)

Or add more tls options to your router:

      tls:
        certResolver: le
        domains:
          - main: "domain.com"
            sans:
              - "www.domain.com"

Yea, curl throws an error, Chrome shows an HSTS issue.

About your solution... my approach serves to redirect ALL websites, not just a single one, so... how can I make it not dependent on main: domain.com?

Sorry, hopefully I did not conflate your issue. You could do it like this for multiple certificates for www. redirects:

      tls:
        certResolver: le
        domains:
          - main: "www.domain1.com"
            sans:
              - "www.domain2.com"
              - "www.someplace.io"
              - "www.example.net"

Personally I would set the www and the bare domain on the router handling the domain. Or declare multiple in one route somewhere.
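As an added example (not code from the thread or from Traefik), the check below flags routers that name a certResolver but give it no hostname to request, which is the condition the answers above describe. It assumes that explicit tls.domains entries take precedence and that otherwise only Host() matchers in the rule supply names; the function names and the sample routers are constructed for illustration.

```python
import re

# Matches Host(`a.com`, `b.com`); HostRegexp(...) is skipped because "(" must follow "Host".
HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")
BACKTICKED = re.compile(r"`([^`]+)`")


def acme_domains(router):
    """Names a certResolver could request: tls.domains first, else Host() matchers."""
    tls = router.get("tls") or {}
    explicit = []
    for entry in tls.get("domains", []):
        explicit.append(entry["main"])
        explicit.extend(entry.get("sans", []))
    if explicit:
        return explicit
    names = []
    for args in HOST_CALL.findall(router.get("rule", "")):
        names.extend(BACKTICKED.findall(args))
    return names


def routers_without_certificate_names(routers):
    """Routers that set a certResolver but leave it nothing to resolve."""
    return sorted(
        name for name, router in routers.items()
        if (router.get("tls") or {}).get("certResolver") and not acme_domains(router)
    )


# Constructed sample: the router from the question plus the two suggested fixes.
SAMPLE_ROUTERS = {
    "www-to-nonwww": {
        "rule": "HostRegexp(`{host:(www\\.).+}`)",
        "tls": {"certResolver": "le"},
    },
    "www-host-rule": {
        "rule": "Host(`www.domain.com`)",
        "tls": {"certResolver": "le"},
    },
    "www-with-domains": {
        "rule": "HostRegexp(`{host:(www\\.).+}`)",
        "tls": {"certResolver": "le",
                "domains": [{"main": "domain.com", "sans": ["www.domain.com"]}]},
    },
}

if __name__ == "__main__":
    print(routers_without_certificate_names(SAMPLE_ROUTERS))
```

A router reported here would be served with the default certificate, which is what produces the certificate error in curl and the HSTS interstitial in Chrome.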

Thanks! That helps :)