Server gave HTTP response to HTTPS client

I've initialized traefik in docker swarm with the following parameters:

```
docker service create \
  --name traefik \
  --mode global \
  --constraint=node.role==manager \
  --network mynet \
  --network dockersocket4traefiknet \
  --publish 80:80 \
  --publish 443:443 \
  --mount type=bind,source=/etc/ssl/certs,target=/ssl \
  traefik:1.7 \
  --defaultentrypoints="https" \
  --retry \
  --debug=true \
  --logLevel=DEBUG \
  --docker \
  --docker.endpoint="tcp://dockersocket4traefik:2375" \
  --docker.swarmmode \
  --docker.watch \
  --docker.exposedbydefault=true \
  --docker.tls \
  --docker.tls.ca=/ssl/root.crt \
  --docker.tls.cert=/ssl/mycert.crt \
  --docker.tls.key=/ssl/mykey.key
```

What is odd is that the traffic to port 2375 is realized using https instead of http. This results in the following error:

traefik.0.qkxia79i3jmp@myhost | time="2019-09-18T12:48:25Z" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: Get https://dockersocket4traefik:2375/v1.24/version: http: server gave HTTP response to HTTPS client"

I fail to find documentation that would help, so I'm asking if you've run into the same error? The source code indicates (quick check) that whenever the --docker.tls option is active, the traefik built-in http client switches to https (whereas we would not want that to happen).

Sorry we cannot use letsencrypt but have to use non-self-signed certificates from a commercial source.

Hello @jsaarela,

> The source code indicates (quick check) that whenever the --docker.tls option is active, the traefik built-in http client switches to https

That is correct. This is when you require TLS Authentication to communicate with your docker or swarm daemon.

> Sorry we cannot use letsencrypt but have to use non-self-signed certificates from a commercial source.

For protecting your docker daemon? It is unlikely that you would have a public certificate for this purpose, due to the DNS and other configuration required.

Thanks for the quick reply! How can I preserve http in the docker/swarm daemon communications but still have https entrypoint to traefik from the Internet?

Hello @jsaarela,

The entrypoint configuration is separate from the communication with docker.

Remember that the docker provider configurations are used to talk with docker for configuration updates, not for proxied requests.

This user guide shows how this is configured: https://docs.traefik.io/v1.7/user-guide/docker-and-lets-encrypt/

Disregard the letsencrypt setup, but the entrypoint configuration and the docker configuration are what you should be looking at.
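The failure discussed in this thread, reproduced in isolation as an added example (not code from the thread or from Traefik): a Go HTTP client sends the same `/v1.24/version` request first over `https` and then over `http` to a listener that only speaks plain HTTP. The local stub server and the function names `newPlainBackend`, `probeVersion` and `isSchemeMismatch` are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// newPlainBackend stands in for the plain-HTTP Docker API listener on :2375.
// It is a constructed stub for this example, not a real Docker endpoint.
func newPlainBackend() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"ApiVersion":"1.24"}`)
	}))
}

// probeVersion requests /v1.24/version with the given scheme, the same path
// that appears in the Traefik error log quoted in the thread.
func probeVersion(scheme, hostPort string) (int, error) {
	client := &http.Client{
		Timeout:   5 * time.Second,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12}},
	}
	resp, err := client.Get(scheme + "://" + hostPort + "/v1.24/version")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// isSchemeMismatch reports whether err is the "TLS client, plaintext server" failure.
func isSchemeMismatch(err error) bool {
	return err != nil && strings.Contains(err.Error(), "server gave HTTP response to HTTPS client")
}

func main() {
	srv := newPlainBackend()
	defer srv.Close()
	hostPort := strings.TrimPrefix(srv.URL, "http://")
	_, err := probeVersion("https", hostPort) // client side with TLS switched on
	fmt.Println("https:", err, "mismatch =", isSchemeMismatch(err))
	code, err := probeVersion("http", hostPort) // client side without TLS
	fmt.Println("http: ", code, err)
}
```

The `https` probe fails before any certificate is examined, so the error says nothing about the CA, certificate or key files passed to the client.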