Traefik serves traffic on port 80 over https

Traefik Traefik v2
1

Hello, I have inherited traefik deployment running on kubernetes, seems like installed using helm chart traefik-10.3.6, unfortunately I have no values file or anything, but I can view deployment and the args are as below:

- --global.checknewversion
- --global.sendanonymoususage
- --entryPoints.metrics.address=:9100/tcp
- --entryPoints.traefik.address=:9000/tcp
- --entryPoints.web.address=:8000/tcp
- --entryPoints.websecure.address=:8443/tcp
- --api.dashboard=true
- --ping=true
- --accesslog
- --accesslog.filepath=/data/access.log
- --accesslog.fields.defaultmode=keep
- --accessLog.fields.names.RequestHost=keep
- --accesslog.format=json
- --metrics.prometheus=true
- --metrics.prometheus.entrypoint=metrics
- --providers.kubernetescrd
- --providers.kubernetesingress
- --api.dashboard=true
- --log.level=INFO
- --providers.kubernetesingress.ingressclass=traefik-internal
- --serversTransport.insecureSkipVerify=true
- --providers.file.filename=/traefik/traefik.yaml

The image is traefik:2.5.3

Everything has been running smooth until we noticed that port 80 is accessible using https, so basically accessing https://example.com:80 opens up default 404 page not found

From traefik access.log -

{"ClientAddr":"10.10.39.11:55780","ClientHost":"10.10.39.11","ClientPort":"55780","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":203245,"OriginContentSize":19,"OriginDuration":28785,"OriginStatus":404,"Overhead":174460,"RequestAddr":"example.com:80","RequestContentSize":0,"RequestCount":795,"RequestHost":"example.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"80","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2024-06-26T12:43:00.08648126Z","StartUTC":"2024-06-26T12:43:00.08648126Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"web","level":"info","msg":"","time":"2024-06-26T12:43:00Z"}

Those are the IngressRoutes for this specific host (but happens on all the hosts)

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    meta.helm.sh/release-name: example
    meta.helm.sh/release-namespace: example-test
  labels:
    app.kubernetes.io/instance: example
    app.kubernetes.io/managed-by: Helm
  name: example-http
  namespace: example-test
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`example.com`)
    middlewares:
    - name: example-redirect
    services:
    - name: nginx-app
      port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    meta.helm.sh/release-name: example
    meta.helm.sh/release-namespace: example-test
  labels:
    app.kubernetes.io/instance: example
    app.kubernetes.io/managed-by: Helm
  name: example
  namespace: example-test
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`example.com`)
    services:
    - name: nginx-app
      port: 80
  tls:
    options:
      name: tlsoptions

And here is the Middleware

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  annotations:
    meta.helm.sh/release-name: example
    meta.helm.sh/release-namespace: example-test
  labels:
    app.kubernetes.io/managed-by: Helm
  name: example-redirect
  namespace: example-test
spec:
  redirectScheme:
    permanent: true
    scheme: https

But seems like it does not even get to my ingressroute rule or any router. I would like to understand why does it even serve https over port 80 and how could I disable this?
Thanks!

2

Ok so when I edit example ingressroute and add - web to entryPoints, the https://example.com:80 now opens up my web app as it would when using just https://example.com

............
spec:
  entryPoints:
  - websecure
  - web
  routes:
,.........

What I still quite dont understand why would it think of https:// as a web entrypoint?