Unable to get HTTPS using Traefik as reverse proxy

Traefik Traefik v2
1

My setup is easy. I have an application and, instead of accessing it directly by exposing its ports, I want to use Traefik. This is my docker-compose.yml file:

version: "3.8"

services:
  traefik:
    image: traefik:v2.9.1
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.web-secure.address=:443 
      - --providers.docker=true
      - --providers.file.directory=/config/
      - --providers.file.watch=true

    ports:
      - "80:80"
      - "443:443"
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
      - type: bind
        source: ./config
        target: /config/

  my_app:
    image: nginx:1.23.1
    volumes:
      - ./update/nginx.conf:/etc/nginx/conf.d/default.conf
      - ./update/ssl:/certs/
    labels:
      - "traefik.http.routers.my_app.rule=Host(`update.code.es`)"

and my nginx.conf file is just:

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;

   server_name update.code.es;

   ssl_certificate /certs/update.code.es.crt;
   ssl_certificate_key /certs/update.code.es.key;

   access_log /access.log;
   error_log /error.log;

   return 200 "This is the TLS place\n";
}
server {
   listen 80;
   listen [::]:80;

   access_log /access.log;
   error_log /error.log;

   server_name update.code.es;
   return 200 "This is the NON-TLS place\n";
}

finally, the config folder contains the private key and the certificate of my update service and the certificates.ymlfile:

tls:
  certificates:
    - certFile: /config/marketplace.com.crt
      keyFile: /config/marketplace.com.key

If I launch my update app (exposing the ports, of course), I can access HTTP and HTTPS:

$ curl http://update.code.es
This is the NON-TLS place
$ curl https://update.code.es
This is the TLS place

If I launch the docker-compose as shown above, docker compose up I can still access HTTP but I get the following with HTTPS:

$ curl https://update.code.es
404 page not found

Although, I have been working the whole weekend on this, reading the documentation and checking examples, I haven't found the solution for this. I don't want Traefik to make any redirection to https, I don't need Let's Encrypt or any other credentials resolvers ... I just want Traefik to pass my https request to my update container as it is. So, the label:

 - "traefik.http.routers.my_app.rule=Host(`update.code.es`)"

should be enough. Most probably, I am not understanding at all how Traefik works. Please, somebody could help? Thanks.

2

Which container should decode your TLS connection? Traefik does TLS and your app only plain HTTP?

  1. enable TLS for entrypoint
  2. indicate loadbalancer port 80 via your app labels
3

Thank you very much for your answer bluepuma77. I'm still struggling with it. Reading my question again, I realize that I put a bad example. I just have a bunch of Docker containers listening at port 443. For them, I have signed certificates by a local CA, I am in an air gaped network. I just want Traefik to behave like a transparent proxy that forwards external requests to the appropriate container for example using a rule like "traefik.http.routers.my_app.rule=Host(update.code.es)".