Traefik Routers - SSL Redirect + Port 80 for specific Sites

I currently have a Traefik setup for Reverse Proxying simple Docker containers, forcing all traffic to port 443 over SSL.

See below for my traefik.toml file:

  [entryPoints.http]
    address = ":80"

  [entryPoints.http.http]
   [entryPoints.http.http.redirections]
      [entryPoints.http.http.redirections.entryPoint]
        to = "https"
        scheme = "https"

 [entryPoints.https]
    address = ":443"

This is fine for almost all my sites as they're all HTTPS compatible and work. However I've got an older site based on an old outdated framework that doesn't support SSL / HTTPS access (a ton of the resources break).

Thus, I need to be able to host that one site directly on port 80 with an http:// prefix.

Usually, I use the following Docker Tags to achieve the forwarding I want:

  • traefik.http.middlewares.site.headers.customrequestheaders.X-Forwarded-Proto -> https
  • traefik.http.routers.site.entrypoints -> https
  • traefik.http.routers.site.rule -> Host(site.com) || Host(www.site.com)
  • traefik.http.routers.site.tls -> true
  • traefik.http.routers.site.tls.certresolver -> letsencrypt
  • traefik.http.routers.site.tls.domains[0].main -> site.com
  • traefik.http.routers.site.tls.domains[0].sans -> www.site.com
  • traefik.http.services.site.loadbalancer.server.port -> 80

The above obviously work for the https site, tweaking / removing the TLS tags and just serving the site over http however don't work given the router redirect in the Traefik.toml file. My question is how can I achieve the same forced over 443 for most sites while bypassing the redirect for the specific legacy site in question?

Thank you for your help,
C

I'm trying to achieve this same goal. I have a local container that I want redirect but on port 80 to the internal Docker port.

This may very well be the answer:
I'll be trying this later tonight:

The solution: domain-specific HTTP redirection

What we need to do is instruct Traefik to not redirect all HTTP connections to HTTPS, but only those that we can access from the internet. The connections that stay in the house should remain HTTP connections.

https://yarmo.eu/blog/traefik-http-https/