Redirect Loop with HTTPS redirectScheme

I want to enforce all traffic be served over https so I created a middleware to do so.

kind: Middleware
  name: common-https-redirect
    scheme: https
    permanent: true
    port: 443
kind: IngressRoute
  name: entry-www-de
  namespace: conversions
    - web
  - match: Host(``) && Path(`/`)
    kind: Rule
    - name: foo
      port: 80
      - name: common-https-redirect
        namespace: traefik

However, when I apply it, it keeps going into a redirect loop

* Connected to ( port 80 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.64.1
> Accept: */*
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
< Date: Wed, 30 Oct 2019 13:17:31 GMT
Date: Wed, 30 Oct 2019 13:17:31 GMT
< Location:
< Content-Length: 17
Content-Length: 17
< Connection: keep-alive
Connection: keep-alive

I have SSL termination on ELB . ELB configured with the Following Listeners

LB: HTTP: 80 , Instance Protocol HTTP
LB: HTTPS: 443, Instance Protocol HTTP , SSL Cert

How can I get the HTTPS redirection working without the loop. I want to keep SSL termination on the ELB


could you provide the information to show how you are using the middleware.

Thanks for replying @ldez I updated question

The TLS part is on the router, so you have to solution:

  • create 2 IngressRoutes: one on web with the redirection, and one on websecure without the redirection and with TLS.
  • create a global redirection (see other topics for more information), and one IngressRoute on websecure without redirection

1 Like

Hello @ldez,

I'm facing the same issue. Should I create 2 IngressRoutes? I mean using "redirectScheme" middleware should redirect to https only if it was http.

Is there anyway to avoid duplicating my IngressRoutes?

Duplicating implies two instances of the same thing. This is not what was suggested. So no, no duplication is required. Two routes are needed for the solution to work.

1 Like