Traefik http to https redirection behind AWS ALB causes infinite loop and failing health checks

First of all, thank you for Traefik. It is awesome.

Currently, I am replacing nginx with Traefik as a reverse proxy. It works seamlessly, but when I added the redirectScheme middleware, it caused an infinite loop and the ALB health checks also started to fail. BTW, I am using ECS for deployment.

I am no expert in networking stuff. So please, if anyone has any idea how to solve this problem, please do let me know.

Flow:
Request ---> ALB ---> Traefik ---> API

Below is my configuration.
traefik.yaml


accessLog: {}

log:
  level: INFO
  format: json

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
  file:
    directory: /etc/traefik/providers

file.provider.yaml

http:
  middlewares:
    https-only:
      redirectScheme:
        scheme: https
        permanent: true

task-definition.json

{
    "containerDefinitions": [
        {
            "name": "backend",
            "hostname": "backend",
            "dockerLabels": {
                "traefik.enable": "true",
                "traefik.http.routers.backend.rule": "PathPrefix(`/`)",
                "traefik.http.routers.backend.middlewares": "for-dev@file"
            }
        },
        {
            "name": "proxy",
            "hostname": "proxy",
            "portMappings": [
                {
                    "hostPort": 80,
                    "containerPort": 80
                }
            ],
            "links": ["backend"],
            "mountPoints": [
                {
                    "sourceVolume": "docker-socket",
                    "containerPath": "/var/run/docker.sock"
                }
            ]
        }
    ],
    "volumes": [
        {
            "name": "docker-socket",
            "host": {
                "sourcePath": "/var/run/docker.sock"
            }
        }
    ]
}

Hey :slight_smile:

The issue is that your ALB probably already terminates TLS and therefore always connects to Traefik over HTTP. Therefore, Traefik will force a redirect to HTTPS, but as the ALB upfront always uses HTTP, that's gonna be the issue.

Can you move the TLS termination to Traefik?

Thank you so much for your suggestion.

I will try to move the TLS termination to Traefik. Do I need to open port 443, or will it work without that?

I am kinda new to this stuff. But Traefik seems like fun. :grin:

1 Like

443 needs to be open :wink:

1 Like
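
The loop and the failing health checks discussed in this thread can be reproduced with a small model of the request path. This is an added example, not code from the thread, Traefik or AWS: the function names, the hostname `api.example.test`, the health probe carrying no `X-Forwarded-Proto` header and passing only on a 200 are all assumptions. It also goes one step beyond the thread by showing a redirect decision based on the scheme forwarded by a trusted load balancer.

```python
# Constructed model of the path in the thread: client -> ALB -> proxy.
# Not Traefik or AWS code; all names and behaviour are illustrative assumptions.
from urllib.parse import urlsplit

def proxy(conn_scheme, host, path, headers, trust_forwarded):
    """Redirect-to-HTTPS decision at the reverse proxy.

    conn_scheme is the scheme of the hop that reached the proxy. With
    trust_forwarded=True the scheme the load balancer reports in
    X-Forwarded-Proto wins (only safe when that hop is trusted).
    """
    scheme = conn_scheme
    if trust_forwarded and "X-Forwarded-Proto" in headers:
        scheme = headers["X-Forwarded-Proto"]
    if scheme != "https":
        return 301, f"https://{host}{path}"
    return 200, None

def alb(url, terminates_tls, trust_forwarded):
    """Load balancer hop: record the client scheme, then forward."""
    u = urlsplit(url)
    headers = {"X-Forwarded-Proto": u.scheme}
    # After TLS termination the backend hop is always plain HTTP.
    backend_scheme = "http" if terminates_tls else u.scheme
    return proxy(backend_scheme, u.netloc, u.path or "/", headers, trust_forwarded)

def follow(url, terminates_tls, trust_forwarded=False, max_hops=10):
    """Follow redirects like a browser; return (status, redirects, looped)."""
    for redirects in range(max_hops):
        status, location = alb(url, terminates_tls, trust_forwarded)
        if status != 301:
            return status, redirects, False
        url = location
    return 301, max_hops, True

def health_check_passes(trust_forwarded=False):
    """Probe sent straight to the target over HTTP without X-Forwarded-Proto
    (assumption); assumed to pass only on a 200 response."""
    status, _ = proxy("http", "target", "/", {}, trust_forwarded)
    return status == 200

if __name__ == "__main__":
    url = "http://api.example.test/"  # constructed hostname
    print("ALB terminates TLS:     ", follow(url, terminates_tls=True))
    print("TLS reaches the proxy:  ", follow(url, terminates_tls=False))
    print("ALB + forwarded scheme: ", follow(url, True, trust_forwarded=True))
    print("health check passes:    ", health_check_passes())
```

In this model the plain-HTTP health probe is redirected in every configuration, so the route the health check hits has to be kept out of the redirect for the target to be marked healthy.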