Redirect all HTTP traffic to HTTPS except for one service

Hi there,

I am using the following entryPoints configuration with my Traefik 3.x deployments:

entryPoints:
    http:
        address: :80
        http:
            redirections:
                entryPoint:
                    scheme: https
                    to: https
    https:
        address: :443
        asDefault: true
        http3: {}
        transport:
            respondingTimeouts:
                readTimeout: 300

Unfortunately, I need to expose one service that needs to be accessible via HTTP for PXE deployments.

What approach would you recommend to disable the automatic redirect for that single service? I'd like to avoid configuring a non-redirecting HTTP entrypoint on a different port.

Thanks,
Thilo

You need to remove the http-to-https redirect from the entrypoint and place a redirect on every router as middleware - except on one :wink:

Use priority so that a different router with higher priority will serve that single url.

I normally use middlewares to redirect from http to https and attach that to the default router on the http port. If I need to have a URL that must be served w/o TLS, I add a router with high priority that gets caught instead of the default one.

*:- )

I tried this default rule, which IIRC worked in 2.x, but I am just getting a 404 on any FQDN other than web.<domain> instead of a redirect:

http:
    middlewares:
        redirect-to-https:
            redirectScheme:
                permanent: true
                scheme: https
    routers:
        http-catchall:
            entryPoints:
            - http
            middlewares:
            - redirect-to-https
            rule: HostRegexp(`{host:.+}`) && !(Host(`web.<domain>`))
            service: api@internal

Any ideas?

HeaderRegexp, HostRegexp, PathRegexp, QueryRegexp, and HostSNIRegexp matchers now use the Go regexp syntax.

Migration doc
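The approach from the replies above, written out for Traefik 3.x as an added example (not a configuration posted by anyone in this thread): the entry-point redirection is dropped, a low-priority catch-all router on `http` carries the redirect middleware, and a higher-priority router serves the one plain-HTTP host. The host name `pxe.example.test`, the names `pxe-plain-http` and `pxe-boot`, and the backend URL are assumptions.

```yaml
# --- static configuration ---
# The entry-point-level redirection from the first post is removed;
# redirecting is now done by a router in the dynamic configuration.
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
    asDefault: true
    http3: {}
    transport:
      respondingTimeouts:
        readTimeout: 300
---
# --- dynamic configuration (file provider) ---
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

  routers:
    # Catch-all on :80. v3 matchers take a plain Go regexp, so the
    # v2 form {host:.+} becomes .+ here.
    http-catchall:
      entryPoints:
        - http
      rule: HostRegexp(`.+`)
      priority: 1            # lowest explicit priority: any other router wins
      middlewares:
        - redirect-to-https
      service: noop@internal # never reached, the middleware answers first

    # The single exception. Everything this rule matches is served in
    # cleartext, so keep it to the one host (add a PathPrefix if possible).
    pxe-plain-http:
      entryPoints:
        - http
      rule: Host(`pxe.example.test`)   # assumed host name
      priority: 100
      service: pxe-boot

  services:
    pxe-boot:                           # assumed service name
      loadBalancer:
        servers:
          - url: http://10.0.0.10:8080  # assumed backend
```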

I'm trying to do the same thing as @ginkel for a similar reason. But I am encountering a problem.

Is it possible that, doing so*, for every endpoint that I want to redirect to https I need to maintain two different routes for every interested endpoint? That is, one for http @ port 80, without the tls option, redirecting (using the middleware you were talking about) to the one for https @ port 443 with the tls option?

Doing so means that I have to pay attention to two routers for everything. Am I wrong?

You can do http-to-https redirect globally on entrypoint, see simple Traefik example.

I'm not interested in global redirection. I was talking about "All services will be redirected to https to port 443 except one listening on http on port 80". As the title of this thread says.

Having said that, I invite you to re-read my post above about maintaining two routes for every service using the middleware as you talked about before.

Do I need two routes for every service that needs to be redirected to https doing so?

You can try redirectscheme on a single router on web/websecure:

The RedirectScheme middleware redirects the request if the request scheme is different from the configured scheme.