Redirecting www to naked domain - http works, https doesn't

Sorry for dragging this old chestnut up again.

I'm using nomad. Here's my configuration:

"Tags": [
  "traefik.enable=true",
  "traefik.http.routers.mysite-master-website-dubdubdub.rule=Host(`www.mysite.com`)",
  "traefik.http.routers.mysite-master-website-dubdubdub.middlewares=redirect-naked",
  "traefik.http.routers.mysite-master-website-http.entrypoints=web",
  "traefik.http.routers.mysite-master-website-http.rule=Host(`mysite.com`)",
  "traefik.http.routers.mysite-master-website-http.middlewares=redirect-web-secure",
  "traefik.http.routers.mysite-master-website-https.entrypoints=websecure",
  "traefik.http.routers.mysite-master-website-https.rule=Host(`mysite.com`)",
  "traefik.http.routers.mysite-master-website-https.tls.certresolver=buypass",
  "traefik.http.middlewares.redirect-naked.redirectregex.regex=^https?://(?:www\\.)?(.+)",
  "traefik.http.middlewares.redirect-naked.redirectregex.replacement=https://${1}",
  "traefik.http.middlewares.redirect-naked.redirectregex.permanent=true",
  "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https",
  "traefik.http.middlewares.redirect-web-secure.redirectscheme.permanent=true",
  "traefik.http.services.mysite-master-website.loadbalancer.healthcheck.path=/"
],
$ curl -I http://www.mysite.com/index.html
HTTP/1.1 308 Permanent Redirect
Location: https://mysite.com/index.html

Great!

$ curl -I https://www.mysite.com/index.html
HTTP/2 404 

Oh...

I can't tell if there's something wrong with the regex (which I've tested on regex101) or something to do with the parallel redirectscheme rule.

Simplify config, place http-to-https redirect globally on entrypoint. Check simple Traefik example. Then use a single router:

  whoami:
    image: traefik/whoami:v1.10
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`whoami.example.com`) || Host(`www.whoami.example.com`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80
      
      # next lines are optional to redirect www to non-www
      - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
      - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://$${1}
      - traefik.http.routers.mywhoami.middlewares=mywwwredirect
1 Like

Thanks. We have multiple services using the same Traefik instances and I'm not sure we want to always redirect http to https for all of these, so if you have any less global suggestions that would be great...

Is there a way of logging the router routings?

Something like this should work:

labels:
  - traefik.http.middlewares.mytlsredirect.redirectscheme.scheme=https
  - traefik.http.middlewares.mytlsredirect.redirectscheme.permanent=true
  - traefik.http.middlewares.mywwwredirect.redirectregex.regex=^https://www\.(.*)
  - traefik.http.middlewares.mywwwredirect.redirectregex.replacement=https://${1}
  - traefik.http.routers.mywhoami.middlewares=mytlsredirect,mywwwredirect

For logging, you can enable Traefik debug log and/or Traefik access log in JSON format. Both should contain router info.

1 Like

Worked it out! The problem was my websecure router didn't have a tls.certresolver configuration. When I added that, it started matching requests to https://www.mysite.com to the appropriate router.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.