Upon the release of 2.2 and the introduction of a global https redirect I have attempted to follow the documentation with a simple whoami service. Both Traefik and whoami are running in Docker. I expect that when I try to connect via port 80, I am redirected to port 443, this however, doesn't seem to be happening and I connect successfully via port 80. The files are as follows:
docker-compose.yaml
version: '3'
services:
traefik:
container_name: traefik
image: traefik:v2.2
restart: always
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./letsencrypt:/letsencrypt
- ./traefik.yaml:/traefik.yaml:ro
- ./traefik_conf.yaml:/traefik_conf.yaml:ro
networks:
traefik:
external: true
dynamic config-traefik_conf.yaml
enable: true
tls:
options:
default:
minVersion: VersionTLS12
curvePreferences:
- secp521r1
- secp384r1
sniStrict : true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
mintls13:
minVersion: VersionTLS13
http:
routers:
api:
rule: Host(`traefik.my.domain`)
service: api@internal
middlewares:
- auth
middlewares:
compressor:
compress: {}
SecureSslHeaders:
headers:
#frameDeny: true
#contentSecurityPolicy: "default-src 'none'"
forceSTSHeader: true
sslRedirect: true
contentTypeNosniff: true
browserXssFilter: true
stsSeconds: 315360000
stsIncludeSubdomains: true
stsPreload: true
auth:
basicAuth:
users:
- "foo:bar"
static config-traefik.yaml
log:
level: DEBUG
api:
dashboard: true
providers:
docker:
exposedByDefault: false
file:
filename: /traefik_conf.yaml
entrypoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
http:
middlewares:
- SecureSslHeaders@file
- compressor@file
tls:
certResolver: letsencrypt
traefik:
address: :8080
certificatesResolvers:
letsencrypt:
acme:
email: admin@myemail.com
storage: /letsencrypt/acme.json
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
httpChallenge:
entryPoint: web
whoami compose file:
version: '3'
services:
whoami:
container_name: whoami
image: containous/whoami
command:
- --port=8082 # Our service listens on 8082
#restart: always
networks:
- traefik
labels:
- traefik.enable=true
- traefik.http.services.whoami.loadbalancer.server.port=8082
- traefik.http.routers.whoami.rule=Host(`whoami.my.domain`)
networks:
traefik:
external: true
Here is the log upon making a curl request on port 80 with: curl -vv http://whoami.my.domain
traefik | time="2020-05-16T08:27:09Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.29.0\"],\"X-Forwarded-Host\":[\"whoami.my.domain\"],\"X-Forwarded-Port\":[\"80\"],\"X-Forwarded-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"ea6c8888247f\"],\"X-Real-Ip\":[\"136.244.97.94\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.my.domain\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"136.244.97.94:55894\",\"RequestURI\":\"/\",\"TLS\":null}"
traefik | time="2020-05-16T08:27:09Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" ForwardURL="http://172.27.0.3:8082" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.29.0\"],\"X-Forwarded-Host\":[\"whoami.my.domain\"],\"X-Forwarded-Port\":[\"80\"],\"X-Forwarded-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"ea6c8888247f\"],\"X-Real-Ip\":[\"136.244.97.94\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.my.domain\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"136.244.97.94:55894\",\"RequestURI\":\"/\",\"TLS\":null}"
traefik | time="2020-05-16T08:27:09Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.29.0\"],\"X-Forwarded-Host\":[\"whoami.my.domain\"],\"X-Forwarded-Port\":[\"80\"],\"X-Forwarded-Proto\":[\"http\"],\"X-Forwarded-Server\":[\"ea6c8888247f\"],\"X-Real-Ip\":[\"136.244.97.94\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.my.domain\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"136.244.97.94:55894\",\"RequestURI\":\"/\",\"TLS\":null}"
I'm not certain I have provided everything that can give insight, and it is my first post. Please let me know if there is something you would like me to add. Thanks for your time.
