Question regarding http to https redirect

xd003 · September 15, 2023, 1:02pm

Hello, this is my first time trying to use traefik, pretty overwhelmed with the documentation, so i am trying to include in my docker-compose whatever stuffs i need from different tutorials and guides to atleast have a decent enough docker-compose before i start learning/experimenting things.
I specifically want to know what is the ideal way to redirect all http to https ?
In many different guides, i saw the following so i included it in the command section of my docker compose

      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"

But after searching a bit more, i came across many different tutorials which had the approach by adding the following to the labels section of traefik in the docker compose

      # global redirect to https
      - 'traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

Q1) Should i have them both in my docker compose or only one of them ? If only one, can someone which one is more preferable ?
Q2) Also how should i enable https redirection for all my target docker services ? i am not sure if the above labels only need to be added to traefik container or each of the container that i want to enable https redirection

bluepuma77 · September 15, 2023, 2:22pm

Entrypoints are static config, they go in traefik.yml or in command. Routers and services are dynamic config and go in a different file loaded via providers.file or in labels, which are loaded via providers.docker.

Best practice is to use entrypoints, then you don't have to repeat the redirect in every router, see simple Traefik example.

xd003 · September 15, 2023, 2:45pm

Thanks for the reply, Sorry if i understand some technical terms wrongly
Just so i am understanding this correctly, if i have those 3 lines in my command section of traefik, I don't need to have anything for https redirection in all of my different docker services that i want to reverse proxy

And if i go follow the approach of dynamic config, then i would need to add those 4 lines in each of my docker service's label where i need https redirection

bluepuma77 · September 15, 2023, 2:54pm

Yes, that is correct.

xd003 · September 15, 2023, 3:31pm

That's sweet. On another note, i find myself adding these two lines to the label section of each of my docker container

'traefik.http.routers.service.tls=true' 
'traefik.http.routers.service.entrypoints=websecure'

Is there a static configuration alternative for these two so that i can directly add these in the command section of traefik and remove it from label section of each of the docker container

bluepuma77 · September 15, 2023, 4:55pm

TLS yes, see simple Traefik example, which I linked above (link again).

Entrypoints only from v3, which is still in beta, see same example:

entrypoints.websecure.asDefault=true

xd003 · September 15, 2023, 5:12pm

I am not quite sure which line in the docker-compose you linked is for tls - https://github.com/bluepuma77/traefik-best-practice/blob/main/docker-traefik-dashboard-letsencrypt/docker-compose.yml

I read somewhere that below is the static configuration for tls but i couldn't find this line in your config, bit confused

"--entrypoints.websecure.http.tls=true"

bluepuma77 · September 15, 2023, 7:28pm

If you want static TLS, then use the line instead of certresolver.

Traefik documentation is your friend (1, 2).

xd003 · September 16, 2023, 3:59am

Understood, thanks just one last question
I have set up a wildcard certificate using cloudflare dns challenge

So accordingly all of the guides i saw mentioned to put the following in labels section of each docker container

- "traefik.http.routers.service.tls.certresolver=cloudflare"

But i already have the following in my traefik command entrypoint

- "--entrypoints.websecure.http.tls.certresolver=cloudflare"

So just wanted to confirm that I don't need the http.routers thing in all of the labels right ?

bluepuma77 · September 16, 2023, 5:24am

Yes, the TLS in entrypoint can globally replace the repeated TLS in router.

system · September 19, 2023, 5:25am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTPS Redirection Default Traefik v2 docker , middleware	2	615	May 21, 2020
Traefik v2.2.11 http to https redirection via "http.redirections.entryPoint" results in 404 Traefik v2 docker	2	1051	January 2, 2021
Redirect scheme (http to https) not working Traefik v2 middleware	6	4307	October 10, 2022
I can't set up redirect http to https Traefik v2 docker , middleware	2	141	July 1, 2024
How to choose HTTP2HTTPS Traefik v2 docker , middleware , cli	1	522	July 20, 2020

Question regarding http to https redirect

Related topics