Traefik full HTTPS

ffroliva · March 22, 2021, 4:21pm

Hi,

I have an instance of Traefik v2.4.6 running on HTTPS mode with my "backend service" running on HTTP. this works fine.

I am now trying to run in full HTTPS mode (both proxy and backend service on TLS mode enabled).

I have created a self-signed certificate and share it for both (proxy and backend).

My backend service is a spring-boot application.

Here is my current configuration:

traefil.yml

version: "3.7"
services:
  traefik:
    image: traefik:v2.4.6
    command: --providers.docker
    restart: always 
    container_name: traefik
    networks:
      - web
      - internal
    ports:
      - 80:80
      - 443:443
      - 28080:8080
      - 8082:8082
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/static.yml:/etc/traefik/traefik.yml:ro
      - ./traefik/dynamic.yml:/etc/traefik/dynamic/dynamic.yaml
      - ./certs/localhost.crt:/etc/traefik/certs/traefik.crt:ro
      - ./certs/localhost.key:/etc/traefik/certs/traefik.key:ro

dynamic.yml

tls:
  certificates:
    - certFile: "/etc/traefik/certs/traefik.crt"
      keyFile: "/etc/traefik/certs/traefik.key"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/etc/traefik/certs/traefik.crt"
        keyFile: "/etc/traefik/certs/traefik.key"

static.yml

log:
  level: DEBUG
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: web-secure
  web-secure:
    address: ":443"
  metrics:
    address: ":8082"

providers:
  docker:
    watch: true
    exposedbydefault: false
  file:
    directory: /etc/traefik/dynamic
    watch: true
    filename: dynamic.yml
    
api:
  dashboard: true
  insecure: true

metrics:
  prometheus: 
      buckets:
        - 0.1
        - 0.3
        - 1.2
        - 5.0
      addEntryPointsLabels: true
      addServicesLabels: true
      entryPoint: metrics

my-service.yml

version: "3.7"
services:
  my-service:
    image: my-service
    networks:
      - internal
    volumes:
      - ./certs/cacerts:/opt/java/openjdk/jre/lib/security/cacerts:ro      
      - ./certs/keystore.p12:/opt/java/openjdk/jre/lib/security/keystore.p12:ro      
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-service.rule=Host(`my-service.localhost`)"
      - "traefik.http.routers.my-service.entrypoints=web,web-secure"
      - "traefik.http.routers.my-service.tls=true"
      - "traefik.http.routers.my-service.service=my-service"
      - "traefik.http.middlewares.my-service.redirectscheme.scheme=https"
      - "traefik.http.middlewares.my-service.redirectscheme.permanent=true"
      - "traefik.http.services.my-service.loadbalancer.server.port=8284"
      - "traefik.http.services.my-service.loadbalancer.sticky=true"
      - "traefik.http.services.my-service.loadbalancer.sticky.cookie.name=StickyCookie"
      - "traefik.http.services.my-service.loadbalancer.sticky.cookie.secure=true"
# enable the property below if your are running on https
      - "traefik.http.services.my-service.loadbalancer.server.scheme=https"

I have tried to add this property: "traefik.http.services.my-service.loadbalancer.server.scheme=https" but it seems it did not work.

Any hint would be highly appreciated.

Regards,

Flávio Oliva

Topic		Replies	Views
HTTPS backend with Traefik's frontend Certificate Traefik v2 docker , tcp	0	1275	April 4, 2022
Traefik v2.10 Configuration Issue with Custom SSL Certificate and Docker Traefik v2 docker	1	818	December 24, 2023
Simple http-to-https redirect with default self-signed certificate Traefik v2 docker	5	3596	April 7, 2021
Docker SSL Certificates Traefik v2 docker	6	5256	September 24, 2019
HTTPS TLS Passthrough Traefik v2 docker	1	15188	October 14, 2021

Traefik full HTTPS

Related topics