[SOLVED] HTTP to HTTPS redirect ends in an https url with 8443 appended

matthiasbaldi · March 21, 2021, 11:10pm

Hello

I use the preinstalled Traefik (2.3.4) on the Scaleway Kubernetes product as ingress controller.
Everything like routing, Let's Encrypt certs etc works pretty well, except the global redirect from http to https.
I saw some pretty similar issues on this board, but I was not able to fix my issue with the given information. May somebody can help me to point out mine issue.

Basically the problem is that every time when I call an http URL I got redirected to https, but it add the internal port ":8443" behind the URL.
It ends then in an URL like https://myurl.com:8443. This is not working because my NLB is listen on the port 443 and is redirecting everything to 8443 as port of Traefik.
When I call the https URL directly (understandably without the port ) then everything works as expected and I get a valid response with the certificate.
I ended with the following arguments for Traefik for now:

        - --global.checknewversion
        - --entryPoints.traefik.address=:9000
        - --entryPoints.web.address=:8000
        - --entryPoints.websecure.address=:8443
        - --api.dashboard=true
        - --ping=true
        - --providers.kubernetesIngress.ingressClass=traefik-cert-manager
        - --providers.kubernetescrd
        - --providers.kubernetesingress
        - --entryPoints.web.http.redirections.entryPoint.to=websecure
        - --entryPoints.web.http.redirections.entryPoint.scheme=https

I also tried to set the entryPoint.to to :443 but this also not worked and ended in the same behavior.

Can someone tell me what is wrong and why Traefik is adding the port behind instead of just routing the request to https?

Thank you.

davosian · May 16, 2021, 11:23am

Hello @matthiasbaldi,

I am seeing the same behavior. Did you manage to get the redirect working as intended?

davosian · May 16, 2021, 11:46am

Setting --entrypoints.web.http.redirections.entryPoint.to=:443 worked for me, but my browser was caching the request so it seemed to fail initially. Therefore clear the cache, use a private browsing session or test with curl instead:

curl -I http://myurl.com/somepath
curl -k -I https://myurl.com/somepath

matthiasbaldi · May 16, 2021, 1:38pm

Thank you that helped pretty well.
May the simplest possible version to handle the requirement. thx.

davosian · May 18, 2021, 12:37pm

I am glad to hear this worked

matthiasbaldi · May 18, 2021, 1:45pm

I found one problem with my setup because I use cert-manager. Then the cert-manager pod/service was not listening on the 443 port and it got always a 404.
So I had to stop the redirects for the .well-known requests. I found the final solution with the priority property.

'--entrypoints.web.http.redirections.entryPoint.to=:443',
'--entrypoints.web.http.redirections.entrypoint.permanent=true',
'--entrypoints.web.http.redirections.entrypoint.priority=10',

In this case first the .well-known url and then possibly other listening ingresses.
Because I only expose the application to the TLS ingress route everything else get's redirected to HTTPS.

system · May 21, 2021, 1:45pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Global http redirect to https in kubernetes Traefik v2 (latest) kubernetes-crd , kubernetes-ingress	1	516	November 1, 2020
Questions about the redirect from http to https Traefik v2 (latest) kubernetes-ingress , middleware	0	395	August 15, 2022
Http to https redirection on K8S Ingress Traefik v2 (latest) kubernetes-ingress	17	24054	December 3, 2020
HTTP to HTTPS redirect Traefik v2 (latest) kubernetes-ingress	4	1093	August 13, 2020
Kubernetes http to https redirect Traefik v2 (latest) kubernetes-crd	3	2252	September 23, 2019

[SOLVED] HTTP to HTTPS redirect ends in an https url with 8443 appended

Related Topics