Skip default middleware for a docker swarm service

Hello,

I have a quite simple Traefik stack on docker swarm with a default middleware to redirect http to https.

For a single (and very legacy) service I'm containerizing/migrating into this stack, I have to setup a catchall router like HostRegexp({subhost:[a-zA-Z0-9_-]+}.myapp.lab.mycompany.com)

The problem is that the http-to-https redirect is active and I have no wildcard certificate (nor i'm sure if legacy clients are smart enough to follow https redirections)

What would be nice would be able to deactivate the http-to-https default middleware for this router. Is it possible ?

Regards,

--
Pierre Y.

Check this previous reply.

composefile
version: '3'

services:
  traefik: 
    image: traefik:2.9
    ports:
      - 80:80
      - 443:443
    command:
      - --providers.docker
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=web-secure
      - --entrypoints.web.http.redirections.entrypoint.priority=2147483645
      - --entrypoints.web-secure.address=:443
      - --entrypoints.web-secure.http.tls=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami: 
    image: traefik/whoami
    labels:
      traefik.http.routers.whoami.rule: Host(`s1.lab.localhost`)

  legacy: 
    image: traefik/whoami
    labels:
      traefik.http.routers.legacy.rule: HostRegexp(`{subhost:[a-zA-Z0-9_-]+}.myapp.lab.localhost`)
      traefik.http.routers.legacy.priority: 2147483646
      traefik.http.routers.legacy.entrypoints: web

curl on normal router
curl s1.lab.localhost -ikL
HTTP/1.1 301 Moved Permanently
Location: https://s1.lab.localhost/
Date: Sat, 29 Oct 2022 22:35:05 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8

HTTP/2 200 
content-type: text/plain; charset=utf-8
date: Sat, 29 Oct 2022 22:35:05 GMT
content-length: 355

Hostname: 5a3947ecce72
IP: 127.0.0.1
IP: 172.24.0.2
RemoteAddr: 172.24.0.3:32772
GET / HTTP/1.1
Host: s1.lab.localhost
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.24.0.1
X-Forwarded-Host: s1.lab.localhost
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 579b500cd905
X-Real-Ip: 172.24.0.1

curl on legacy
curl legacy.myapp.lab.localhost -ikL
HTTP/1.1 200 OK
Content-Length: 373
Content-Type: text/plain; charset=utf-8
Date: Sat, 29 Oct 2022 22:35:34 GMT

Hostname: e83e28d21964
IP: 127.0.0.1
IP: 172.24.0.4
RemoteAddr: 172.24.0.3:46212
GET / HTTP/1.1
Host: legacy.myapp.lab.localhost
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 172.24.0.1
X-Forwarded-Host: legacy.myapp.lab.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 579b500cd905
X-Real-Ip: 172.24.0.1

2 Likes

Great, it worked like a charm. Thank you very much !

I set the priority definition fir the http-to-https middleware in traefik.yml :

entryPoints:
  https:
    address: :443
    http:
      middlewares:
        - gzip
      tls:
        certResolver: le
  http:
    address: :80
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
          priority: 2147483645
...
1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.