Redirect from non-www to www not working

juxeii · January 9, 2025, 10:20am

Hi,

I am using traefik 3.3.1.
I am trying to redirect all traffic from non-www to www subdomain.
Here is the snippet from docker-compose:

labels:
  - traefik.enable=true
  - traefik.http.routers.myapp.entrypoints=http
  - traefik.http.routers.myapp.rule=Host(`mydomain.org`) || Host(`www.mydomain.org`)
  - traefik.http.routers.myapp.middlewares=https-redirectscheme@file, non-www-to-www@file
  - traefik.http.routers.myapp-secure.entrypoints=https
  - traefik.http.routers.myapp-secure.middlewares=non-www-to-www@file
  - traefik.http.routers.myapp-secure.rule=Host(`mydomain.org`) || Host(`www.mydomain.org`)
  - traefik.http.routers.myapp-secure.tls=true
  - traefik.http.routers.myapp-secure.service=myapp
  - traefik.http.services.myapp.loadbalancer.server.port=80

Here is the snippet from config.yml:

middlewares:
	non-www-to-www:
	  redirectregex:
		regex: "^https?://(?:www\\.)?(.+)"
		replacement: "https://www.${1}"
		permanent: true

And here is the snippet from traefik.yml:

certificatesResolvers:      
  wildcard:
    acme:
      email: mail@mydomain.org
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

The http->https redirect works as expected, but redirecting https://mydomain.org -> https://www.mydomain.org does not.
Firefox keeps the non-www version and issues a certificate warning.
Is there something wrong with the config?

When trying with https://mydomain.org, here is the traefik log:

2025-01-09T10:52:57+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "cloudflare-ech.com"
2025-01-09T10:52:57+01:00 DBG log/log.go:245 > http: TLS handshake error from 192.168.1.110:55317: remote error: tls: bad certificate
2025-01-09T10:52:57+01:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "cloudflare-ech.com"
2025-01-09T10:52:57+01:00 DBG log/log.go:245 > http: TLS handshake error from 192.168.1.110:55318: remote error: tls: bad certificate

To me this reads as traefik not having a cert for mydomain.org, but only for the working www.mydomain.org. So it seems redirect to www is not working.

juxeii · January 9, 2025, 10:42am

I solved it!
The primary cert for mydomain.org was missing, since the domains configuration was wrong. Instead of only
- traefik.http.routers.whoami-secure.tls.domains[0].main=*mydomain.org
it must be

- traefik.http.routers.whoami-secure.tls.domains[0].main=mydomain.org
- traefik.http.routers.whoami-secure.tls.domains[0].sans=*.mydomain.org

bluepuma77 · January 9, 2025, 3:35pm

You enabled TLS in the secure router, but did not assign the certResolver. I recommend to assign TLS globally on entrypoint, reduces config lines.

Compare to simple Traefik example.

Topic		Replies	Views
Redirect www to non-www not working in V2 Traefik v2 docker	5	1408	April 13, 2020
Cannot redirect from non-www to www with traefik 2 Traefik v2 docker	3	715	December 15, 2023
How to redirect http non-www to https www? Traefik v2 docker , consul-catalog , file	3	960	May 15, 2020
Enable global middleware for www to non www redirect Traefik v2 docker , middleware	3	909	January 10, 2023
Global http -> https and www -> non-www Traefik v3 (latest) docker , middleware	9	888	August 20, 2024

Redirect from non-www to www not working

Related topics