Traefik 2.9.6 http/https redirect lead to connection timeouts

Traefik Traefik v2 (latest)
,
1

I've set up a http to https redirect in the static confiuration as per manual. When browsing to http://example.com I run into a connection timeout - instead of redirecting to the https connection. Browsing to https://example.com works fine.
What may be wrong with the redirect?

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: :443

My container uses the following labels section:

    labels:
      - traefik.enable=true
      - traefik.http.routers.www-docs.rule=Host(`example.com`)
      - traefik.http.routers.www-docs.tls=true
      - traefik.http.routers.www-docs.tls.certResolver=letsencrypt
2

Your config looks like the template, I can't find a typo. Do you expose port 80 and 443 of your Traefik container?

3

Actually, I had a legacy process running on port 80, and traefik port 80 not exposed.

4

Though all the obvious issues have been fixed, I still get timeouts.

root@nuc0:~/wallabag# ss -nltp | grep docker
LISTEN    0         4096               0.0.0.0:80               0.0.0.0:*        users:(("docker-proxy",pid=2374,fd=4))
LISTEN    0         4096               0.0.0.0:443              0.0.0.0:*        users:(("docker-proxy",pid=2160,fd=4))
...
LISTEN    0         4096                  [::]:80                  [::]:*        users:(("docker-proxy",pid=2402,fd=4))
LISTEN    0         4096                  [::]:443                 [::]:*        users:(("docker-proxy",pid=2187,fd=4))
...
root@nuc0:~/wallabag# ps aux | grep 2374
root        2374  0.0  0.0 1082880 3228 ?        Sl   21:58   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.27.0.2 -container-port 80
root@nuc0:~/wallabag# ps aux | grep 2160
root        2160  0.1  0.0 1230856 3388 ?        Sl   21:58   0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.27.0.2 -container-port 443

Incidentally, 172.27.0.2 is linked to the Traefik container. So, AFAIK everything SHOULD work now.
Also, I've removed the redirect to isolate the problem:

entryPoints:
  web:
    address: :80
  websecure:
    address: :443
5

Can you post your Traefik static and dynamic config, and docker-compose.yml if used?

6 
# static configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: true

api:
  dashboard: true

log:
  level: DEBUG
accessLog: {}

entryPoints:
  web:
    address: :80
  websecure:
    address: :443

providers:
  docker:
    network: traefik_default
    exposedByDefault: false
    watch: true
  file:
    directory: "/etc/provider"
    watch: true

serversTransport:
  insecureSkipVerify: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: "baloan@mailbox.org"
      storage: "/letsencrypt/acme.json"
      tlsChallenge: {}

version: '3'
services:
  traefik:
    image: "traefik:latest"
    restart: always
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8448:8448"
    volumes:
      - "/root/traefik/etc:/etc/traefik"
      - "/root/traefik/provider:/etc/provider"
      - "letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
volumes:
  letsencrypt:

version: "3"
services:
  www-docs:
    image: baloan/www-docs:latest
    container_name: www-docs
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.www-docs.rule=Host(`example.com`)
      - traefik.http.routers.www-docs.tls=true
      - traefik.http.routers.www-docs.tls.certResolver=letsencrypt
    networks:
      - traefik_default
networks:
  traefik_default:
    external: true
7

Having no feedback I presume this is a new, unknown issue. If no objections, I will post an issue on github.

8

What’s your current problem?

This is what I would expect:

curl -v http://example.com
-> error 404 not found
no redirect, service not assigned to entrypoint 

curl -v https://example.com
-> your service

Have you enabled and checked Traefik debug log and access log?

9

(post deleted by author)

10

http://docs.ads64.de/index.html does not work, List of available projects - HTTrack Website Copier works without issues.
Traefik dashboard confirms both web and websecure entrypoints are active:

image
image1411×54 8.2 KB

client terminal (external server)

root@relay:~# curl -v http://docs.ads64.de/index.html
*   Trying 2003:e7:4727:1400:f6b5:20ff:fe13:1f25...
* TCP_NODELAY set
* Connected to docs.ads64.de (2003:e7:4727:1400:f6b5:20ff:fe13:1f25) port 80 (#0)
> GET /index.html HTTP/1.1
> Host: docs.ads64.de
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Wed, 08 Feb 2023 20:39:14 GMT
< Content-Length: 19
<
404 page not found
* Connection #0 to host docs.ads64.de left intact
root@relay:~#

traefik log file

172.27.0.1 - - [08/Feb/2023:20:39:14 +0000] "GET /index.html HTTP/1.1" - - "-" "-" 132619 "-" "-" 0ms
11

Whatever you did, the original problem of timeout is solved, just enable redirect again.

12

Shouldn't port 80 - like 443 - also be routed to the service? Instead I see different behaviour for 80 and 443.

13

I think it's a bit more complicated. By default a router is using all entry points. But you have set your router to TLS, so it will not work without TLS.

When you use http, you automatically use port 80 and no encryption, that won't work*.

When you use https, you automatically use port 443 with encryption, that works.

Without a redirect, this should work https://example.com:80 (which is not "standard").

*Traefik probably recognizes this (no TLS, but TLS router) and returns an error.

14

Added redirect, everything works as expected. Thanks for the support, much appreciated

15

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.