Rewrite HTTP to HTTPs - no redirect

Hello, I wanted to ask if you can do this with Traefik.

My problem:
I wanted to install Shopware6. First of all everything is good so far.
When the installation begins, it calls up the domain in the source code with http and not with https:

So I get the message

“Access-Control-Allow-Origin” error 308

When I access the page with http it redirects to https and I see the message:

Oops! An Error Occurred
The server returned a "405 Method Not Allowed".

Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.

My solution is to remove the automatic redirect and now also accept http requests, which would not be my goal in the long term.
How could I solve this differently?

That seems like an error message from your target service, not from Traefik.

Did you install Shopware using http? I know that WordPress stores the original URL it was installed at (incl. http), and you need to change WordPress settings to enable it on https later on.

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

OK, sorry for forgetting the config

Here is my docker-compose for Traefik:

volumes:
  letsencrypt-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/letsencrypt

services:
  traefik:
    image: "traefik:v3.0"
    container_name: ${COMPOSE_PROJECT_NAME}
    command:
      - "--providers.file.filename=/traefik.yml"
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: "${HOSTRULE}"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.routers.traefik.middlewares: "myauth"
      traefik.http.middlewares.myauth.basicauth.users: test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
    networks:
      - "${PROXY_NETWORK}"
      - "default"
    ports:
      # To be able to listen on port 80 (http)
      - mode: host
        published: 80
        target: 80
      # To be able to listen on port 443 (https)
      - mode: host
        published: 443
        target: 443
    restart: ${RESTART}
    volumes:
#      - ./configs/traefik/config.yml:/etc/traefik/config.yml:ro
      - ./configs/traefik/traefik.yml:/traefik.yml:ro
      - ./logs/access.log:/var/log/access.log
      - ./logs/traefik.log:/var/log/traefik.log
      # Set the container timezone by sharing the read-only localtime
      - /etc/localtime:/etc/localtime:ro
      - letsencrypt-data:/letsencrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  traefik_proxy:
    external: true
    name: ${PROXY_NETWORK}
  default:
    driver: bridge

Here is my traefik.yml:

accessLog:
  filePath: "/var/log/access.log"

api:
  # Enable the dashboard
  dashboard: true
  insecure: false

certificatesResolvers:
  letsEncrypt:
    acme:
      tlschallenge: true
      email: "webmaster@domain.org"
      storage: "/letsencrypt/Traefik.json"

entryPoints:
  web-http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "websedcure-https"
          scheme: "https"
  websecure-https:
    address: ":443"
    http:
      tls:
        certResolver: letsEncrypt

log:
  level: DEBUG
  filePath: /var/log/traefik.log

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"   # Listen to the UNIX Docker socket
    exposedByDefault: false                   # Only expose containers that are explicitly enabled (using label traefik.enable)
    network: "traefik_proxy"                  # Default network to use for connections to all containers.
  file:
    filename: "/etc/traefik/config.yml"       # Link to the dynamic configuration
    watch: true                               # Watch for modifications
  providersThrottleDuration: 10               # Configuration reload frequency

I have just switched off the redirect, hence the "error" in the webse"d"cure.

Here is my docker-compose for Shopware:

version: '3'

volumes:
  backup-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/backup
  mysql-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/mysql
  redis-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/redis
  www-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/html

services:

# Database backup
  DBBackup:
    image: fradelg/mysql-cron-backup
    container_name: ${COMPOSE_PROJECT_NAME}-DBBackup
    restart: ${RESTART}
    depends_on:
      - mysql
    volumes:
      - backup-data:/backup
    environment:
      TZ: ${TIMEZONE}
      MYSQL_HOST: mysql
      MYSQL_USER: root
      MYSQL_PASS: ${MYSQL_ROOT_PASSWORD}
      MAX_BACKUPS: 6
      INIT_BACKUP: 1
      # At minute 3 of hours 0, 6 and 18
      CRON_TIME: 3 0,6,18 * * *
      # Make it small
      GZIP_LEVEL: 9

# Percona database
  mysql:
    image: bitnami/mysql:8.0
    container_name: ${COMPOSE_PROJECT_NAME}-MYSQLDB
    restart: ${RESTART}
    volumes:
      - mysql-data:/bitnami/mysql/data
      - ./configs/mysql:/etc/mysql/conf.d
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      TZ: ${TIMEZONE}

# PHP & Crons
  php:
    image: thecodingmachine/php:8.3-v4-apache
    container_name: ${COMPOSE_PROJECT_NAME}-phpFPM
    restart: ${RESTART}
    environment:
      # Apache only
      TZ: ${TIMEZONE}
      APACHE_RUN_USER: docker
      APACHE_RUN_GROUP: docker
      APACHE_DOCUMENT_ROOT: /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/public
#      APACHE_DOCUMENT_ROOT: /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt

      # Extensions
      PHP_EXTENSION_BCMATH: 1
      PHP_EXTENSION_GD: 1
      PHP_EXTENSION_GMP: 1
      PHP_EXTENSION_IMAGICK: 1
      PHP_EXTENSION_INTL: 1
      PHP_EXTENSION_MYSQLI: 1
      PHP_EXTENSION_PGSQL: 0

      # PHP settings
      PHP_INI_DISPLAY_ERRORS: 0
      PHP_INI_DATE_TIMEZONE: ${TIMEZONE}
      PHP_INI_ERROR_REPORTING: E_ALL
      PHP_INI_MAX_EXECUTION_TIME: 360
      PHP_INI_MAX_INPUT_VARS: 10000
      PHP_INI_MEMORY_LIMIT: 1g
      PHP_INI_POST_MAX_SIZE: 64M
      PHP_INI_REALPATH_CACHE_TTL: 3600
      PHP_INI_UPLOAD_MAX_FILESIZE: 64M

      # ZEND
      PHP_INI_ZEND__ASSERTIONS: -1
      PHP_INI_ZEND__DETECT_UNICODE: 0

      # Opcode Cache
      PHP_INI_OPCACHE__ENABLE: 1
      PHP_INI_OPCACHE__ENABLE_CLI: 1
      PHP_INI_OPCACHE__MAX_ACCELERATED_FILES: 20000
      PHP_INI_OPCACHE__ENABLE_FILE_OVERRIDE: 1
      PHP_INI_OPCACHE__INTERNED_STRINGS_BUFFER: 20

      # Cron Jobs
      CRON_USER_1: root
      CRON_SCHEDULE_1: 02 03 * * *
      CRON_COMMAND_1: /backup/HTML-Backup.sh
      CRON_USER_2: docker
      CRON_SCHEDULE_2: 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59 * * * *
      CRON_COMMAND_2: /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console messenger:consume async low_priority --time-limit=60
#      CRON_USER_3: docker
#      CRON_SCHEDULE_3: 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59 * * * *
#      CRON_COMMAND_3: /var/www/html/${COMPOSE_PROJECT_NAME}-Projekt/bin/console core:archive
    # Traefik settings
    labels:
      - traefik.enable=true
# Network
      - traefik.docker.network=${PROXY_NETWORK}
# Domain - Routers
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${HOSTRULE}
# VPN - START
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.ipwhitelist.ipStrategy=true
#      - "traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.ipwhitelist.sourcerange=217.91.4.40, 217.91.161.217, 138.201.136.57, 128.140.38.44"
# VPN - END
# Header - START
      - traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=${COMPOSE_PROJECT_NAME}_Middleware
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.customrequestheaders.X_Forwarded_Protocol=https
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.customrequestheaders.X-Forwarded-Ssl=on
      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.customrequestheaders.X-Forwarded-Port=443
  # CORS Headers
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.accesscontrolallowheaders=*
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.accesscontrolallowmethods=*
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.accesscontrolalloworiginlist=*
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.accesscontrolexposeheaders=*
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.accesscontrolmaxage=100
#      - traefik.http.middlewares.${COMPOSE_PROJECT_NAME}_Middleware.headers.addvaryheader=true
# Header - END
    networks:
      - default
      - ${PROXY_NETWORK}
    volumes:
      - backup-data:/backup
      - www-data:/var/www/html

# REDIS Server
# Data in the container is owned by UID 1001
# Default port 6379
  redis:
    image: bitnami/redis:latest
    container_name: ${COMPOSE_PROJECT_NAME}-Redis
    restart: ${RESTART}
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
#      REDIS_PASSWORD: password123
#      REDIS_PORT_NUMBER: 7000
    volumes:
      - redis-data:/bitnami/redis/data

networks:
  traefik_proxy:
    external: true
    name: ${PROXY_NETWORK}

This is kind of double wrong: you can only have a single static config (traefik.yml or command:) and traefik.yml is usually the static config which is not loaded with providers.file:

The solution to your problem might be a simple misspelling: websedcure

No, it's not. Since I wrote that I first switched off the redirect due to this error.

The redirect is not the problem, but rather, as I wrote above, that it does not rewrite the data from http to https.

By that I mean directly in the source code

What do you mean by that?

Good morning

Well, I have to say that my "thought" was that Traefik then scans the website or the source code that flows through it and rewrites everything that begins with http:// directly into https://.

But okay, in retrospect that would be massive and it would slow down a lot of things, etc.

I found the error yesterday. Apparently Shopware or maybe Symfony has a problem with the .env files.
The MySQL config is taken but the "TRUSTED_PROXIES=0.0.0.0/0" or "TRUSTED_PROXIES=REMOTE_ADDR" is not taken.

Only when I inserted this into the Framework.yaml did it work again and I no longer got the errors and the page ran.

Sorry for the strange question :wink: But what would experts recommend that I could improve on my config :wink:
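
Added example, not part of the original thread and not Symfony or Shopware code: a small Python model of the trusted-proxy check behind the fix described above. It shows why the backend kept building http:// URLs until the proxy was trusted, and what 0.0.0.0/0 accepts in addition; the addresses, subnet and function names are constructed assumptions.

```python
import ipaddress

def is_trusted(remote_addr, trusted_proxies):
    """True if the TCP peer address falls inside any trusted CIDR."""
    peer = ipaddress.ip_address(remote_addr)
    return any(peer in ipaddress.ip_network(cidr) for cidr in trusted_proxies)

def effective_scheme(remote_addr, headers, trusted_proxies, transport_scheme="http"):
    """Scheme the application uses when it builds absolute URLs.

    X-Forwarded-Proto is honoured only when the direct peer is a trusted
    proxy; otherwise the scheme of the actual backend connection is used
    (plain http between Traefik and the PHP container).
    """
    forwarded = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
    if forwarded in ("http", "https") and is_trusted(remote_addr, trusted_proxies):
        return forwarded
    return transport_scheme

# Constructed sample values (assumptions, not taken from the thread)
TRAEFIK_ADDR = "172.18.0.2"      # Traefik's address on the proxy network
PROXY_SUBNET = "172.18.0.0/16"   # subnet of that Docker network
OUTSIDE_ADDR = "203.0.113.50"    # a peer that is not the proxy
HTTPS_HEADER = {"X-Forwarded-Proto": "https"}

CASES = {
    "no trusted proxies (setting not applied)": (TRAEFIK_ADDR, HTTPS_HEADER, []),
    "proxy subnet trusted": (TRAEFIK_ADDR, HTTPS_HEADER, [PROXY_SUBNET]),
    "0.0.0.0/0, header from non-proxy peer": (OUTSIDE_ADDR, HTTPS_HEADER, ["0.0.0.0/0"]),
    "proxy subnet, header from non-proxy peer": (OUTSIDE_ADDR, HTTPS_HEADER, [PROXY_SUBNET]),
}

def run_cases():
    """Evaluate every constructed case and return {case name: scheme}."""
    return {name: effective_scheme(*args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, scheme in run_cases().items():
        print(f"{scheme:5}  {name}")
```

Listing only the subnet of the Docker network that Traefik shares with the backend keeps the fix while ignoring forwarded headers from any other peer.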