[SOLVED] HTTP to HTTPS redirect ends in an https url with 8443 appended

Hello

I use the preinstalled Traefik (2.3.4) on the Scaleway Kubernetes product as ingress controller.
Everything like routing, Let's Encrypt certs etc works pretty well, except the global redirect from http to https.
I saw some pretty similar issues on this board, but I was not able to fix my issue with the given information. Maybe somebody can help me point out my issue.

Basically the problem is that every time I call an http URL I get redirected to https, but it adds the internal port ":8443" behind the URL.
It then ends in a URL like https://myurl.com:8443. This is not working because my NLB is listening on port 443 and is redirecting everything to 8443 as the port of Traefik.
When I call the https URL directly (understandably without the port 🙂) then everything works as expected and I get a valid response with the certificate.
I ended up with the following arguments for Traefik for now:

        - --global.checknewversion
        - --entryPoints.traefik.address=:9000
        - --entryPoints.web.address=:8000
        - --entryPoints.websecure.address=:8443
        - --api.dashboard=true
        - --ping=true
        - --providers.kubernetesIngress.ingressClass=traefik-cert-manager
        - --providers.kubernetescrd
        - --providers.kubernetesingress
        - --entryPoints.web.http.redirections.entryPoint.to=websecure
        - --entryPoints.web.http.redirections.entryPoint.scheme=https

I also tried to set the entryPoint.to to :443 but this also did not work and ended in the same behavior.

Can someone tell me what is wrong and why Traefik is adding the port behind instead of just routing the request to https?

Thank you.


Hello @matthiasbaldi,

I am seeing the same behavior. Did you manage to get the redirect working as intended?


Setting --entrypoints.web.http.redirections.entryPoint.to=:443 worked for me, but my browser was caching the request so it seemed to fail initially. Therefore clear the cache, use a private browsing session or test with curl instead:

        curl -I http://myurl.com/somepath
        curl -k -I https://myurl.com/somepath
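
The curl check from the post above as a pass/fail test that flags the `:8443` leak described in this thread. This is an added example, not part of the original thread; the function names `check_redirect`, `bad_response` and `good_response` are hypothetical, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example. Reads HTTP response headers (e.g. from `curl -sI`) on stdin.
# Usage: check_redirect EXPECTED_HOST
# Returns 0 = clean HTTPS redirect, 1 = wrong scheme/host/port, 2 = no redirect.
check_redirect() {
    expected_host=$1 status='' location=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')    # header lines end in CRLF
        case $line in
            HTTP/*) status=$(printf '%s\n' "$line" | awk '{print $2}') ;;
            [Ll]ocation:*) location=$(printf '%s\n' "${line#*:}" | sed 's/^[[:space:]]*//') ;;
        esac
    done
    case $status in
        301|302|307|308) ;;
        *) echo "no redirect (status: ${status:-none})"; return 2 ;;
    esac
    [ -n "$location" ] || { echo "redirect without Location header"; return 2; }
    case $location in
        https://*) ;;
        *) echo "redirect target is not https: $location"; return 1 ;;
    esac
    authority=${location#https://}
    authority=${authority%%/*}       # drop the path
    authority=${authority%%\?*}      # drop a query string that follows the host directly
    host=${authority%%:*}
    port=443                         # implicit port for https
    case $authority in *:*) port=${authority##*:} ;; esac
    [ "$host" = "$expected_host" ] || { echo "host changed to $host"; return 1; }
    [ "$port" = 443 ] || { echo "internal port leaked into redirect: $port"; return 1; }
    echo "ok: $location"
}

# Constructed sample responses, not captured from a real server.
bad_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://myurl.com:8443/somepath\r\n\r\n'
}
good_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://myurl.com/somepath\r\n\r\n'
}

bad_response  | check_redirect myurl.com || true   # internal port leaked into redirect: 8443
good_response | check_redirect myurl.com           # ok: https://myurl.com/somepath
```

Against a live deployment, pipe the real headers in: `curl -sI http://myurl.com/somepath | check_redirect myurl.com`.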

Thank you, that helped pretty well. 😁👍
Maybe the simplest possible version to handle the requirement. Thanks.

I am glad to hear this worked 🙂

I found one problem with my setup because I use cert-manager. Then the cert-manager pod/service was not listening on port 443 and it always got a 404.
So I had to stop the redirects for the .well-known requests. I found the final solution with the priority property.

        '--entrypoints.web.http.redirections.entryPoint.to=:443',
        '--entrypoints.web.http.redirections.entrypoint.permanent=true',
        '--entrypoints.web.http.redirections.entrypoint.priority=10',

In this case first the .well-known URL and then possibly other listening ingresses.
Because I only expose the application to the TLS ingress route, everything else gets redirected to HTTPS.
