Hello,
This is how my setup looks like:
version: "3.6"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --api
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myhttpchallenge.acme.email=email"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`domain.com`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.middlewares=authtraefik"
- "traefik.http.middlewares.authtraefik.basicauth.users=user:pass"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
restart: always
nginx:
container_name: nginx
build: ./nginx/
labels:
- "traefik.http.routers.nginx.rule=Host(`domain2.com`)"
- "traefik.http.routers.nginx.entrypoints=websecure"
- "traefik.http.routers.nginx.tls=true"
- "traefik.http.routers.nginx.tls.certresolver=myhttpchallenge"
restart: always
What do I have to do to reach the NGINX container via http and https?
cakiwi
March 2, 2020, 8:03pm
2
Add another router to the nginx server that uses the web entry point. You will have to add priority too as the redirect by default will take precedence(rule length).
https://docs.traefik.io/routing/routers/#priority
Thanks for your answer. Unfortunately I still can't reach my website via http. It is still redirected to https.
nginx:
container_name: nginx
build: ./nginx/
labels:
- "traefik.http.routers.nginx.rule=Host(`domain2.com`)"
- "traefik.http.routers.nginx.entrypoints=websecure"
- "traefik.http.routers.nginx.tls=true"
- "traefik.http.routers.nginx.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.nginx.priority=1"
- "traefik.http.routers.nginxhttp.entrypoints=web"
- "traefik.http.routers.nginxhttp.priority=2"
restart: always
Would it also be possible to bypass a redirection just by adding a parameter in the URL?domain2.com?https=false
cakiwi
March 3, 2020, 12:29pm
4
The priority is too low.
The priority is directly equal to the length of the rule, and so the longest length has the highest priority.
Yes, as long as the subequent Rule length is greater than the redirect rule.
Could you please give me a source code example for both cases?
cakiwi
March 3, 2020, 2:47pm
6
The length of your https-catchall Rule hostregexp(`{host:.+}`) is 23 so anything with a priority greater than this will evaluate before.
Therefore: traefik.http.routers.nginxhttp.priority=24
You don't have a Rule on the nginxhttp Router. So it will use the defaultRule for the docker provider and not match domain2.com
nginx:
container_name: nginx
build: ./nginx/
labels:
- "traefik.http.routers.nginx.rule=Host(`domain2.com`)"
- "traefik.http.routers.nginx.entrypoints=websecure"
- "traefik.http.routers.nginx.tls=true"
- "traefik.http.routers.nginx.tls.certresolver=myhttpchallenge"
# Not required does not share entrypoint with http-catchall
# - "traefik.http.routers.nginx.priority=1"
# need the Host rule too
- "traefik.http.routers.nginx.rule=Host(`domain2.com`)"
- "traefik.http.routers.nginxhttp.entrypoints=web"
# Update to have priority greater than http-catchall rule. Increase it you really want.
- "traefik.http.routers.nginxhttp.priority=24"
restart: always
Sorry I meant "yes you can route on a query string" not "you can bypass the redirect"
Thanks a lot. This is exactly what I needed
1 Like
