I've been using Traefik v2.0 for a while and had working "http to https" redirection using middlewares using the following configuration
docker-compose.yml:
version: '3'
services:
app:
image: containous/whoami
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.middlewares.https-redirect.redirectScheme.scheme=https"
- "traefik.http.routers.http.rule=Host(`service.example.com`)"
- "traefik.http.routers.https.rule=Host(`service.example.com`)"
- "traefik.http.routers.https.tls=true"
- "traefik.http.routers.http.middlewares=https-redirect@docker"
networks:
- default
- proxy
networks:
proxy:
external: true
traefik.toml
[log]
level = "ERROR"
[api]
dashboard = true
insecure = true
[serversTransport]
insecureSkipVerify = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[http]
[http.routers.http]
entryPoints = ["web"]
[http.routers.https]
entryPoints = ["websecure"]
[http.routers.https.tls]
certResolver = "default"
[providers]
providersThrottleDuration = "2s"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[certificatesResolvers]
[certificatesResolvers.default.acme]
email = "email@example.com"
storage = "/config/acme.json"
[certificatesResolvers.default.acme.httpChallenge]
entryPoint = "web"
The problem with it is that I need to specify the same labels for every service which is too much clutter.
Then I found this thing and decided to switch to Traefik v2.2 and move my https redirection to a global config traefik.toml but it's giving me 404 when I try to access the service. Here is my current conf:
docker-compose.yml
version: '3'
services:
app:
image: containous/whoami
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.routers.http.rule=Host(`service.example.com`)"
- "traefik.http.routers.https.rule=Host(`service.example.com`)"
networks:
- default
- proxy
networks:
proxy:
external: true
traefik.toml
[log]
level = "ERROR"
[api]
dashboard = true
insecure = true
[serversTransport]
insecureSkipVerify = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
[entryPoints.websecure]
address = ":443"
[http]
[http.routers.http]
entryPoints = ["web"]
[http.routers.https]
entryPoints = ["websecure"]
[http.routers.https.tls]
certResolver = "default"
[providers]
providersThrottleDuration = "2s"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
[certificatesResolvers]
[certificatesResolvers.default.acme]
email = "email@example.com"
storage = "/config/acme.json"
[certificatesResolvers.default.acme.httpChallenge]
entryPoint = "web"
What am I missing? (Traefik 2.2 works with my old middlewares based config)