apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
namespace: kube-system
spec:
redirectScheme:
scheme: https
permanent: "true"
port: 443
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: example.com-ingress
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`example.com`)
kind: Rule
services:
- name: example
port: 80
namespace: kube-system
tls:
certResolver: default
domains:
- main: example.com
sans:
- www.example.com
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: http-example.com-redirect-to-https
namespace: kube-system
spec:
entryPoints:
- web
routes:
- match: HostRegexp(`example\.com`)
kind: Rule
services:
- name: example
port: 80
middlewares:
- name: redirect-https
namespace: kube-system
This is my .yaml - Getting a redirect for:
"http://example.com " -> "https://example.com "
but not:
"example.com " -> "404 page not found"
Actually... what seems to be worse.. I am getting intermittent connection behavior / depending on browser.
How do I just do a solid and reliable force to SSL configuration ??
I want ZERO unencrypted port 80 http requests - I just want them instantly and automatically made SSL 443 https connections.
What is the right Kubernetes .yaml for Traefik v2.1?
ldez
February 11, 2020, 10:27am
3
Hello,
For curl or browsers when the call to example.com
is "rewritten" in http://example.com
because an URL without scheme is not really valid, so could you explain how you produce the call to example.com
(without scheme)?
You can follow the global redirection pattern explain in Traefik v1 to v2 | Traefik | v2.1
By typing into bowser bar: www.example.com
People do this in real-life (even if it is not technically valid ).
Therefore - how do I catch and route these naked calls in Traefik to the https:// of the naked call?
Do I need to add another catch-all entryPoint perhaps?
As I think the "404 page not found" is a Traefik generated 404 response.
ldez
February 11, 2020, 12:58pm
5
example.com
!= www.example.com
all the browsers add a hidden scheme (http) by default.
To be clear example.com
= http://example.com
, it's the same thing.
So I think there is something missing in your explanation.
How should I / can I dig-in a bit deeper to get some logs?
OK... I think it is the redirect isn't working.
So... http://example.com renders 404 error
but ..https://example.com connects Ingress > Service > Pod just fine.
a user typing "example.com " is invoking the port 80 http:// call (fails: 404).
HOW DO I FIX THIS?
ldez
February 11, 2020, 5:51pm
8
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: example.com-ingress
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: HostRegexp(`{host:(www\.)?}example.com`)
kind: Rule
services:
- name: example
port: 80
namespace: kube-system
tls:
certResolver: default
domains:
- main: example.com
sans:
- www.example.com
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: http-example.com-redirect-to-https
namespace: kube-system
spec:
entryPoints:
- web
routes:
- match: HostRegexp(`{host:(www\.)?}example.com`)
kind: Rule
services:
- name: example
port: 80
middlewares:
- name: redirect-https
namespace: kube-system
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
namespace: kube-system
spec:
redirectScheme:
scheme: https
permanent: "true"
port: 443
1 Like
Ok. this works now.. I have enough information to post a blog post next week.