V2.2.8 Global redirect www to non-www with http to https

Hi,
I want to use my domain like https://domain.com due to SEO / Canonical URL.

Also, I need to support who comes with http and www like:

• http://www.domain.com or http://domain.com
• https://www.domain.com

Final URL should be like this: https://domain.com

I upgraded these yml files from v2.0 to v2.2.8.

This is traefik.yml file

api:
    dashboard: true

  # writing Logs to a File, in JSON
  log:
    level: DEBUG
    filePath: "log-file.log"
    format: json

  # configuring a buffer of 100 lines
  accessLog:
    filePath: "log-access.log"
    bufferingSize: 100  

  entryPoints:
    http:
      address: ":80"
    https:
      address: ":443"

  providers:
    docker:
      endpoint: "unix:///var/run/docker.sock"
      exposedByDefault: false

  certificatesResolvers:
    http:
      acme:
        email: email@email.com
        storage: acme.json
        httpChallenge:
          entryPoint: http

This is traefik v2.2.8 docker-compose.yml file.

version: "3.7"

services:
  traefik:
    image: traefik:v2.2.8
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    command:
      - --entrypoints.webinsecure.address=:80
      - --entrypoints.webinsecure.http.redirections.entrypoint.to=websecure
      - --entrypoints.webinsecure.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
    labels:
      - "traefik.enable=true"
      # global redirection: https (www.) to https
      - "traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\\.).+}`)"
      - "traefik.http.routers.wwwsecure-catchall.entrypoints=websecure"
      - "traefik.http.routers.wwwsecure-catchall.tls=true"
      - "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps"
      # middleware: http(s)://(www.) to  https://
      - "traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\\.)?(.+)"
      - "traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}"
      - "traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true"
      # v2.2.8 config
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=password"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      # gzip compression
      - "traefik.http.routers.traefik.middlewares=traefik-compress"
      - "traefik.http.middlewares.traefik-compress.compress=true"

networks:
  proxy:
    external: true

This is container's docker-compose.yml file.

version: '3.7'

services:
    bodrum-web:
      image: docker-image-url
      container_name: bodrum-web
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      networks:
        - proxy
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./data:/data
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.bodrum-web.entrypoints=http"
        - "traefik.http.routers.bodrum-web.rule=Host(`domain.com`) || Host(`www.domain.com`)"
        - "traefik.http.middlewares.bodrum-web-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.bodrum-web.middlewares=bodrum-web-https-redirect"
        - "traefik.http.routers.bodrum-web-secure.entrypoints=https"
        - "traefik.http.routers.bodrum-web-secure.rule=Host(`domain.com`) || Host(`www.domain.com`)"
        - "traefik.http.routers.bodrum-web-secure.tls=true"
        - "traefik.http.routers.bodrum-web-secure.tls.certresolver=http"
        - "traefik.http.routers.bodrum-web-secure.service=bodrum-web"
        - "traefik.http.services.bodrum-web.loadbalancer.server.port=80"
        - "traefik.docker.network=proxy"
        # gzip compression
        - "traefik.http.middlewares.bodrum-compress.compress=true"
        - "traefik.http.routers.bodrum-web.middlewares=bodrum-compress"

networks:
  proxy:
    external: true

Hi @fatihyildizhan

You already have the http to https redirect covered:

Then add a router and middleware on the traefik container:
From Global redirect www to non-www with HTTPS redirection - #9 by ldez - Traefik v2 (latest) - Traefik Labs Community Forum

   # Global redirection: https (www.) to https
      traefik.http.routers.wwwsecure-catchall.rule: HostRegexp(`{host:(www\.).+}`)
      traefik.http.routers.wwwsecure-catchall.entrypoints: websecure
      traefik.http.routers.wwwsecure-catchall.tls: true
      traefik.http.routers.wwwsecure-catchall.middlewares: wwwtohttps

      # middleware: http(s)://(www.) to  https://
      traefik.http.middlewares.wwwtohttps.redirectregex.regex: ^https?://(?:www\.)?(.+)
      traefik.http.middlewares.wwwtohttps.redirectregex.replacement: https://${1}
      traefik.http.middlewares.wwwtohttps.redirectregex.permanent: true

Hi @cakiwi , I have the exactly same configuration. It is not working. That's why I shared full configuration. There should be something wrong but I couldn't find / fix it.

I hope you may help me to solve this.

Maybe @zespri can help me to solve this. I created a new topic as we talked on the other topic.

Thank you for your time

According to the documentation:

There are three different, mutually exclusive (e.g. you can use only one at the same time), ways to define static configuration options in Traefik:

1. In a configuration file
2. In the command-line arguments
3. As environment variables

You seem to mix command line and configuration file, could you please fix, re-test, and post updated configs. Thanks you in advance!

I wish I could. I couldn't understand the tutorials. That's why I stuck and not able to solve this issue. I asked the community. I hope someone can help me.

Thank you for your time.

Sure. What particular problem / issue are you having that preventing you from doing the suggested update? What in particular in traefik documentation you do not understand? I hope I can explain that, you just need to tell me where the problem is.

Hi @zespri . I have basic knowledge about Server, Traefik, Networking etc. Documentation is not suitable for my level. I am not able to change configuration by reading the documentation. I am just using the simple configuration and want to redirect http and www to https://blueway.app for canonical SEO problem.

I changed configuration from the previous post that I already mentioned you. But, I couldn't solve it. That's why I am asking for help from you. If I was able to achieve the goal then I won't ask people and take their time.

I am writing here, because I need help. I spend so much time and couldn't do it.

Thank you for your time.

I can help you, if I know what is the particular problem you need help with. The problem that I see with your configuration I identified in my post earlier in this thread in the same post, I explained what need to be changes to fix this problem. Once you've done that and posted your results, we can proceed onto the next issue until we get this resolved.

It appears that you have problems with doing the change requested but it is not unclear what that problem is.

You wrote:

Documentation is not suitable for my level. I am not able to change configuration by reading the documentation.

I would like to know what particular problem do you have that is in the way. From my own experience if I cannot change configuration by reading documentation, this is most likely because I do not understand the documentation. In this case I usually can identify what is that, that I have trouble getting my head around, and what does not make sense.

If we could find out that, we could get that answered and move further.

I don't know how to fix mutually exclusive. So, I couldn't do the change that you requested from me.

Regex looks like this but it's not working

Mutually exclusive means that it should use either one or the other, you cannot use both. Since you have more in the config file as compared to the command line, I suggest that you fix this by moving the command line parameters to the config. The format is of course different, so the reference could be helpful:

• For command line: Traefik CLI Flags Documentation - Traefik
• For file: Traefik File Static Configuration - Traefik

Is there any news on v2.3?

It's now out. https://traefik.io/traefik/

I know exactly how you feel. Regardless of how hard I try I just can't wrap my head around this stuff, so the documentation is useless to me. Basically I just copy and paste code pieces from examples and problems and then after weeks of messing around something will just work... and I will have no idea why .

I must have stumbled on this and used it weeks ago trying to get global redirection working properly because this is what my code looks like. I thought it was working great as my existing websites are redirecting as expected though there is a pretty big catch that I can't figure out. Spent the last week trying to get Wordpress working on HTTPS with no success to finally realise that the LE Certificate isn't being created, so weeks looking in the complete wrong spot .
What I have found is that while global redirection now works great, any 'new' services (including whoami) are not having certificates created and I can't for the life of me figure out why.

Here's my code and I'm hoping like hell someone can help my figure out how I broke the certificates:

version: "3.8"

volumes:
  letsencrypt:
  logs:

networks:
  traefik-public:
    external: true

services:

  traefik:
    image: traefik:2.4.12
    networks:
      - traefik-public
    command:
      # Enable Docker swarm; Enable Docker in Traefik
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-public
      # Entrypoints and Global http->https redirection 
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      # Global TLS (Let's Encrypt)
      - --entrypoints.websecure.http.tls=true
      # Let's Encrypt SSL
      - --certificatesresolvers.leresolver.acme.email=my@email.com
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      # Enable dashboard
      - --api.dashboard=true
      # Logging (Level: DEBUG, ERROR, INFO)
      - --log.level=DEBUG
      - --log.filePath=/logs/traefik.log
      - --log.format=json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - letsencrypt:/letsencrypt
      - logs:/logs
      # Let Traefik listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        traefik.enable: "true" # Required if containers not exposed by default
        # Global redirection: https://www -> https://
        traefik.http.routers.wwwsecure-catchall.rule: hostregexp(`{host:(www\.).+}`)
        traefik.http.routers.wwwsecure-catchall.entrypoints: websecure
        traefik.http.routers.wwwsecure-catchall.tls: "true"
        traefik.http.routers.wwwsecure-catchall.middlewares: wwwtohttps
        ## Redirection middleware: https://www ->  https:// (http->https redirection at entrypoint level)
        traefik.http.middlewares.wwwtohttps.redirectregex.regex: ^https?://(?:www\.)?(.+)
        traefik.http.middlewares.wwwtohttps.redirectregex.replacement: https://$${1}
        traefik.http.middlewares.wwwtohttps.redirectregex.permanent: "true"
        # UI Dashboard
        traefik.http.routers.traefik.rule: "Host(`traefik.mywebsite.com`)"
        traefik.http.routers.traefik.service: api@internal
        traefik.http.routers.traefik.middlewares: auth-traefik
        traefik.http.services.traefik.loadbalancer.server.port: 8080 # Port used by service (Docker Swarm requirement, defined in image)
        ## Basic Auth
        traefik.http.middlewares.auth-traefik.basicauth.users: "user:SomeRandomStringHashThing"

  whoami:
    image: containous/whoami:v1.3.0
    networks:
      - traefik-public
    deploy:
      labels:
        traefik.enable: "true" # Required if containers not exposed by default
        # Host & Entrypoint
        traefik.http.routers.whoami.rule: "Host(`traefik-whoami.mywebsite.com
        traefik.http.routers.whoami.middlewares: auth-whoami
        traefik.http.services.whoami.loadbalancer.server.port: 80 # Port used by service (Docker Swarm requirement, defined in image)
        ## Basic Auth Middleware
        traefik.http.middlewares.auth-whoami.basicauth.users: "user:SomeOtherRandomStringHashThing"

Thanks for any help someone can offer.

Ignore the last post, I figured it out for myself. Turns out that in the process of changing to using global code, I had removed the following line:
traefik.http.routers.abk-whoami-2.tls.certresolver: leresolver
When trying to fix this issue the other day I had been putting http as the resolver not leresolver, that will teach me to dig back through Git for my old code rather than copying and pasting someone else's .

Hi @mindgonemad Can you please share your www to non www config? I'm confused about this line. traefik.http.routers.abk-whoami-2.tls.certresolver: leresolver

Thank you for your time.

It was from a seperate docker stack that had it's own "who am I". What I should have written was: traefik.http.routers.whoami.tls.certresolver: leresolver

WARNING: I thought I had this working but I'm running into issues as I tried getting Wordpress running using it and neither the https or www redirects are working yet the "who am I"'s seemed work last I checked. Honestly not sure what's going on or how to resolve it and haven't been able to spend much time due to health issues.