I think there are numerous topics on this, but I can't find a solution in any of them.
Use case: docker-compose + traefik proxy + self-signed certificate + global http to https redirect
docker-compose.yml
:
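version: "3"

services:
  traefik:
    # NOTE(review): "chevrotin" is a release codename tag, not an exact
    # version; pin a specific version (or image digest) so the deployed
    # proxy is reproducible and auditable.
    image: traefik:chevrotin
    container_name: "traefik"
    restart: unless-stopped
    command:
      # Dynamic configuration (TLS certificates) is read from /config.
      - --providers.file.directory=/config
      - --providers.file.watch=true
      # Logging
      - --log=true
      - --log.filePath=/logs/traefik.log
      - --log.level=INFO
      - --log.format=json
      - --accesslog=true
      - --accesslog.filepath=/logs/access.log
      - --accesslog.format=json
      - --accessLog.bufferingSize=100
      # Only 4xx responses are kept. Successful (2xx/3xx) and 5xx requests are
      # not recorded, so an authenticated dashboard session leaves no
      # access-log entry; widen the filter if the log is used for detection.
      - --accessLog.filters.statusCodes=400-499
      # docker settings
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.network=web
      # Containers are routed only when they opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      # dashboard (served through the authenticated router defined in labels)
      - --api=true
      - --api.dashboard=true
      # entrypoint configuration: everything on :80 is redirected to :443
      - --entrypoints.http.address=:80
      - --entrypoints.http.http.redirections.entrypoint.to=https
      - --entrypoints.http.http.redirections.entrypoint.scheme=https
      - --entrypoints.https.address=:443
    labels:
      - traefik.enable=true
      # dashboard
      # The API handlers live under /api/... (bare /api has no handler and
      # answers 404 even after a successful login) and the UI lives under
      # /dashboard/ (trailing slash required), so both prefixes are routed to
      # api@internal.
      - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      - "traefik.http.routers.api.entrypoints=https"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=api-auth"
      - "traefik.http.routers.api.tls=true"
      # "$$" is compose escaping for a literal "$".
      # NOTE(review): this is an MD5-based (apr1) htpasswd entry for a test
      # account, stored in the compose file itself. Outside a lab, generate a
      # bcrypt entry and load it with basicauth.usersfile from a file that is
      # kept out of version control.
      - "traefik.http.middlewares.api-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
    security_opt:
      - no-new-privileges:true
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    networks:
      - web
    volumes:
      - ./config:/config:ro
      - ./certs:/certs:ro
      - ./logs:/logs:rw
      # The ":ro" flag makes the socket file read-only on the mount; it does
      # not limit which Docker API calls can be sent through it. A compromise
      # of this internet-facing container therefore reaches the Docker daemon.
      # A filtering socket proxy that exposes only the read endpoints Traefik
      # needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  whoami:
    # NOTE(review): no tag is given, so this resolves to "latest"; pin a
    # version for reproducible deployments.
    image: containous/whoami
    container_name: whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-https.entrypoints=https
      - traefik.http.routers.whoami-https.tls=true
      - "traefik.http.routers.whoami-https.rule=PathPrefix(`/whoami`)"
      # The stripprefix middleware was declared but never attached to the
      # router, so the backend still received "GET /whoami". Attaching it
      # makes the prefix removal take effect.
      - traefik.http.routers.whoami-https.middlewares=whoami-https
      - traefik.http.middlewares.whoami-https.stripprefix.prefixes=/whoami
    networks:
      - web

networks:
  # Created outside this compose project; it must exist before "up".
  web:
    external: true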
config/tls.yml
:
# Dynamic TLS configuration for Traefik.
# No tls.options are set in this file, so Traefik's built-in defaults for the
# minimum protocol version and cipher suites apply; set
# tls.options.default.minVersion explicitly if a floor is required.
tls:
  # Certificates Traefik may present; this pair is placed in the "default"
  # store. The private key should be readable only by the account that runs
  # Traefik.
  certificates:
    - certFile: '/certs/cert.crt'
      keyFile: '/certs/private.key'
      stores: [default]

  stores:
    default:
      # Presented when no certificate matches the requested server name,
      # which includes requests addressed by bare IP.
      # With a self-signed certificate, clients should be given the
      # certificate to trust (for curl: --cacert) instead of switching
      # verification off.
      defaultCertificate:
        certFile: '/certs/cert.crt'
        keyFile: '/certs/private.key'
curl
output:
❯ curl http://192.168.88.88
Moved Permanently%
~ ····································································································· 18:16:38
❯ curl --insecure https://192.168.88.88
404 page not found
~ ······································································· 18:16:43
❯ curl --insecure https://192.168.88.88/whoami
Hostname: ecb0ed07179a
IP: 127.0.0.1
IP: 172.22.0.2
RemoteAddr: 172.22.0.3:46368
GET /whoami HTTP/1.1
Host: 192.168.88.88
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.88.15
X-Forwarded-Host: 192.168.88.88
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: f9b4d7b15e9f
X-Real-Ip: 192.168.88.15
~ ······································································· 18:16:46
❯ curl --insecure https://192.168.88.88/api
401 Unauthorized
~ ······································································· 18:17:02
❯ curl --insecure --user test:test https://192.168.88.88/api
404 page not found
I don't understand what's wrong, because everywhere I go (documentation, tutorials) I see the same config.