Unable to redirect port 80 request to port 443

Hey, I am trying to get used to traefik but I am unable to redirect to the whoami-service on 443. It always tries to connect to port 80.

docker-compose.yaml

version: '3.9'
services:
  traefik:
    container_name: traefik
    image: traefik:latest
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme_letsencrypt.json:/acme_letsencrypt.json
      - ./data/dynamic_conf.yml:/dynamic_conf.yml
      - ./data/traefik.log:/traefik.log:ro
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.rule: Host(`traefik.domain.org`)
      traefik.http.routers.traefik.middlewares: default@file
      traefik.http.routers.traefik.tls: true
      traefik.http.routers.traefik.tls.certresolver: http_resolver
      traefik.http.routers.traefik.service: api@internal
      traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly: true
      traefik.http.services.traefik.loadbalancer.sticky.cookie.secure: true
      traefik.docker.network: proxy
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy:
    hostname: traefik
    ports:
      - "80:80"
      - "443:443"
      
  

  whoami:
    env_file: .env
    image: "traefik/whoami"
    container_name: "whoami"
    labels:
      traefik.enable: true
      traefik.http.routers.whoami.entrypoints: websecure
      traefik.http.routers.whoami.rule: Host(`domain.org`)
      traefik.http.routers.whoami.tls: true
      traefik.http.routers.whoami.tls.certresolver: http_resolver
      traefik.docker.network: proxy
    networks:
      proxy:
    hostname: whoami
      

networks:
  proxy:
    name: proxy
    driver: bridge
    attachable: true

traefik.yaml

api:
  dashboard: true

certificatesResolvers:
  http_resolver:
    acme:
      email: "email"
      storage: "acme_letsencrypt.json"
      httpChallenge:
        entryPoint: web

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

global:
  checknewversion: true
  sendanonymoususage: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: "proxy"
  file:
    filename: "./dynamic_conf.yml"
    watch: true
  providersThrottleDuration: 10

log:
  level: DEBUG
  filePath: /traefik.log

dynamic_conf.yaml

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true

http:
  # routers:
  #   whoami:
  #     rule: "Host(`whoami`)"
  #     service: whoami

  middlewares:
    default:
      chain:
        middlewares:
          - default-security-headers
          - gzip

    secHeaders:
      chain:
        middlewares:
          - default-security-headers
          - gzip

    default-security-headers:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
#       Deprecated
#       sslRedirect: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
    gzip:
      compress: {}

Log-Output for GET on domain.org

traefik  | time="2024-02-01T01:02:19+01:00" level=debug msg="'502 Bad Gateway' caused by: dial tcp 172.24.0.3:80: connect: connection refused"

Whoami-Service is running on port 443 (I changed the port to 80 again for testing and then it works).

Can anyone see the reason? I thought of the entryPoints.web.http.redirections.entryPoint.to part but it is set to websecure so it should be redirected to port 443 of service x I guess?

Thanks in advance.

Compare to working simple Traefik example. I recommend to enable TLS globally on entrypoint and then use entrypoints: websecure on routers, if not using Traefik v3.

Thanks for this. First had to take over the inline config into the yaml base one. Always thought the behind the middleware or routers location has to do with the service name of the container. I was wrong as I see now.

BTW: I also learned that I can change the required port with the loadbalancer.server.port entry under the named .
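
The distinction the thread arrives at, as an added example that is not part of any post above: the router's entrypoint is the port clients reach on Traefik, while `loadbalancer.server.port` is the port Traefik dials on the container. It assumes the poster's `.env` (not shown in the thread) makes whoami listen on 443 in plain HTTP, represented here by the image's `WHOAMI_PORT_NUMBER` variable.

```yaml
# Added example: the whoami service from the question with the backend port made explicit.
services:
  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    environment:
      # Assumption: stands in for the .env file, whose contents the thread does not show.
      WHOAMI_PORT_NUMBER: "443"
    labels:
      traefik.enable: true
      # Client-facing side: which Traefik entrypoint (":443") accepts requests for this router.
      # The web -> websecure redirection only affects this side, never the backend hop.
      traefik.http.routers.whoami.entrypoints: websecure
      traefik.http.routers.whoami.rule: Host(`domain.org`)
      traefik.http.routers.whoami.tls: true
      traefik.http.routers.whoami.tls.certresolver: http_resolver
      # Backend side: the container port Traefik dials. Without this label Traefik
      # dialed 172.24.0.3:80 (the log line above) and answered 502 Bad Gateway.
      traefik.http.services.whoami.loadbalancer.server.port: "443"
      # TLS ends at Traefik; the hop to the container is plain HTTP on the internal
      # "proxy" network unless the container itself serves TLS.
      traefik.http.services.whoami.loadbalancer.server.scheme: http
      traefik.docker.network: proxy
    networks:
      proxy:
```

Because the container publishes no `ports:`, the backend is reachable only over the `proxy` network, so the plain-HTTP hop is not exposed on the host.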
