Regex redirect fails with HTTPS

microbug · February 10, 2020, 12:19am

I'm back

Ok so what I'd like is a redirect that does the following:

[1]: http://a.localhost/b/c/d -> https://whoami.localhost/a/b/c/d
[2]: https://a.localhost/b/c/d -> https://whoami.localhost/a/b/c/d

So far I've got this working for the first case (http->https) but not the second. In the second case, visiting https://a.localhost/b/c/d returns a 404. My example is based on the containous example for global http->https redirection. Can anyone work out why the second case doesn't work? I have tested the regex and it should hold for both http and https.

docker-compose.yml:

version: "3.3"

services:
  traefik:
    image: "traefik:v2.0.0"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --api
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=your@email.com
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"

        # global redirect
        # example: http[s]://foo.localhost/bar/baz -> https://whoami.localhost/foo/bar/baz
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web,websecure"
      - "traefik.http.routers.http-catchall.middlewares=global-redir"
      - "traefik.http.middlewares.global-redir.redirectregex.regex=^https?://([a-zA-Z0-9-]+).localhost(/.*)?$$"
      - "traefik.http.middlewares.global-redir.redirectregex.replacement=https://whoami.localhost/$${1}$${2}"

  my-app:
    image: containous/whoami:v1.3.0
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-app.rule=Host(`whoami.localhost`)"
      - "traefik.http.routers.my-app.middlewares=auth"
      - "traefik.http.routers.my-app.entrypoints=websecure"
      - "traefik.http.routers.my-app.tls=true"
      - "traefik.http.routers.my-app.tls.certresolver=leresolver"
      - "traefik.http.middlewares.auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password

sandroden · February 10, 2020, 12:06pm

Hi, I have almost the same problem: I don't get 404 but redirect obtained with redirectregex only work for http and not for https.
Any hints?

ldez · February 10, 2020, 12:31pm

hello,

version: "3.7"

services:
  traefik:
    image: traefik:v2.1.3
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --api
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=your@email.com
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    ports:
      - 80:80
      - 443:443
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      traefik.enable: true

      # dashboard
      traefik.http.routers.api.rule: Host(`traefik.localhost`)
      traefik.http.routers.api.entrypoints: web
      traefik.http.routers.api.service: api@internal
 
      # global redirect
      traefik.http.routers.http_redirect.rule: hostregexp(`{host:.+}`)
      traefik.http.routers.http_redirect.entrypoints: web
      traefik.http.routers.http_redirect.middlewares: redir
 
      traefik.http.routers.https_redirect.rule: hostregexp(`{host:.+}`)
      traefik.http.routers.https_redirect.entrypoints: websecure
      traefik.http.routers.https_redirect.tls: true
      traefik.http.routers.https_redirect.priority: 1 # low priority
      traefik.http.routers.https_redirect.middlewares: redir
 
      traefik.http.middlewares.redir.redirectregex.regex: ^https?://([a-zA-Z0-9-]+).localhost(.*)$$
      traefik.http.middlewares.redir.redirectregex.replacement: https://whoami.localhost/$${1}$${2}

  my-app:
    image: containous/whoami:v1.4.0
    labels:
      traefik.enable: true
      traefik.http.routers.my-app.rule: Host(`whoami.localhost`)
      traefik.http.routers.my-app.middlewares: auth
      traefik.http.routers.my-app.entrypoints: websecure
      traefik.http.routers.my-app.tls: true
      traefik.http.routers.my-app.tls.certresolver: leresolver
      traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

sandroden · February 10, 2020, 12:55pm

Thanks Idez,

I dont' think I'm using a very different approach even though it's in the target label (my-app). I need to redirect between two different names and I'm doing exactly this:

      labels:
         traefik.enable: true
         traefik.http.routers.grazie-web.rule: Host(`grazie.e-den.it`, `october.e-den.it`)
         traefik.http.routers.grazie-web.entrypoints: web
         #traefik.http.routers.grazie-web.middlewares: redirect-to-https                                                                                                                                                                                                                               
         traefik.http.routers.grazie-web.middlewares: grazie-redirectregex
         #traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https                                                                                                                                                                                                                      

         traefik.http.routers.grazie-secured.rule: Host(`grazie.e-den.it`, `october.e-den.it`)
         traefik.http.routers.grazie-secured.entrypoints: web-secured
         traefik.http.routers.grazie-secured.tls.certresolver: leresolver
         traefik.http.routers.grazie-web.middlewares: grazie-redirectregex                                                                                                                                                                                                                      

         traefik.http.middlewares.grazie-redirectregex.redirectregex.regex: ^https?://(october|grazie).e-den.it/(.*)
         traefik.http.middlewares.grazie-redirectregex.redirectregex.replacement: https://grazie.e-den.it/$${2}
         traefik.http.middlewares.grazie-redirectregex.redirectregex.permanent: true

When testing http://october.e-den.it I am correctly redirected to https://grazie.... but when connecting via https I have been served directly the page (w/ no errors).

Here is how I test it with script that uses python requets:

$ jmb test domain october.e-den.it/la-base/
http://october.e-den.it/la-base/ => 301  (https://grazie.e-den.it/la-base/) [0.11s]
https://october.e-den.it/la-base/ => 200 (La base) [0.53s]

I'm very new to traefik, so maybe I don't understand correctly the implications passing from global to local in defining the redirect.

I'm using traefik 2.1.4.

microbug · February 10, 2020, 1:01pm

Thanks, that solved my problem

sandroden · February 12, 2020, 9:45am

Hi microbug, would you mind to share the configuration that worked for you? I'm still stuck with the situation described above. I can't redirect from https => https.

sandro

sandroden · February 12, 2020, 11:58am

SOLVED, copy-paste fault here...
In the second block for the secured router I forgot to modify the router, so that the used router was always the same...

- traefik.http.routers.grazie-web.middlewares: grazie-redirectregex 
+ traefik.http.routers.grazie-secured.middlewares: grazie-redirectregex

the final configuration was fine tuned:

labels:
   traefik.enable: true
   traefik.http.routers.grazie-web.rule: Host(`grazie.e-den.it`, `october.e-den.it`)
   traefik.http.routers.grazie-web.entrypoints: web
   traefik.http.routers.grazie-web.middlewares: grazie-redirectregex

   traefik.http.routers.grazie-secured.rule: Host(`grazie.e-den.it`, `october.e-den.it`)
   traefik.http.routers.grazie-secured.entrypoints: web-secured
   traefik.http.routers.grazie-secured.tls.certresolver: leresolver
   traefik.http.routers.grazie-secured.tls: true
   traefik.http.routers.grazie-secured.middlewares: grazie-redirectregex

   traefik.http.middlewares.grazie-redirectregex.redirectregex.regex: ^(https?://october|http://grazie).e-den.it(.*)
   traefik.http.middlewares.grazie-redirectregex.redirectregex.replacement: https://grazie.e-den.it$${2}
   traefik.http.middlewares.grazie-redirectregex.redirectregex.permanent: true

I confirm that now I have correct https => https and in the prev example I have generation of certificate with main and sans

the result show the correct behaviour:

$ jmb test domain october.e-den.it/la-base/
http://october.e-den.it/la-base/ => 301  (https://grazie.e-den.it/la-base/) [0.1s]
https://october.e-den.it/la-base/ => 301  (https://grazie.e-den.it/la-base/) [0.19s]

$ jmb test domain grazie.e-den.it/la-base/
http://grazie.e-den.it/la-base/ => 301  (https://grazie.e-den.it/la-base/) [0.1s]
https://grazie.e-den.it/la-base/ => 200 (La base) [0.54s]

Topic		Replies	Views
404 with RegexRedirect Traefik v2 (latest) docker	2	405	September 20, 2022
Cannot get global http to https redirection to work Traefik v2 (latest) docker , letsencrypt-acme , middleware	4	348	June 2, 2023
Cannot get http -> https redirect to work properly Traefik v2 (latest) docker , middleware	3	1697	December 12, 2019
HTTPS Redirection Default Traefik v2 (latest) docker , middleware	2	427	May 21, 2020
Redirect scheme (http to https) not working Traefik v2 (latest) middleware	6	3945	October 10, 2022

Regex redirect fails with HTTPS

Related Topics