Found Traefik not too long ago and decided to start playing with it yesterday; it's kinda been a rollercoaster of Google searches haha.
Anyways, I'm mostly set up at this point, but one of the weirder issues I've got left to kind of figure out is how to handle the http->https redirection correctly. If I try anything, one of two things happens:
- I get a 404
- My browser responds with a message suggesting the redirect failed somehow.
From what I've seen there are a few ways to handle the redirect:
- using a middleware
  traefik.http.middlewares.<middleware name>.redirectscheme.scheme=https
  traefik.http.middlewares.<middleware name>.redirectscheme.permanent=true
  traefik.http.routers.<route name>.middlewares=<middleware name>
  (I have seen people use the above in conjunction with declaring 2 separate http and https routes but that doesn't seem to work either)
- using an explicit (global?) redirect when setting up
  - --entrypoints.<entry point name>.http.redirections.entrypoint.to=<https entrypoint name>
  - --entrypoints.<entrypoint name>.http.redirections.entrypoint.scheme=https
(sorry for the mix up in syntaxes, assume all of this is in the compose file)
In conjunction with the above, I have seen configs that tell a service to use a particular entry point like so:
traefik.http.routers.<route name>.entrypoints=<https entry point>
which also causes one of the above issues.
I am finding that, with Tunnels at least, redirects are causing issues. If I remove the redirect instructions, things seem to work and as far as I can tell, are connecting via https.
I was hoping someone more experienced than me could try to explain what is/isn't necessary. I've seen a couple of tunnel focused configs do explicit redirects somehow so I'm not sure what the correct way of handling things is. Everything else like cert generation seems to be working.
I can cobble together a sample config if this isn't enough to go on.
EDIT: It seems that adding
--entrypoints.<endpoint>.forwardedHeaders.insecure=true
does the trick and fixes things. That said, I'm kind of curious what's going on behind the scenes; based on the name alone and from what I understand of the function, it's not necessarily a great idea to enable? (though in this case it might not matter since we know the traffic is coming from Cloudflare)
Thank you!
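
Added example, not part of the original post: a small Python model of why the setting in the EDIT stops the failed redirect, assuming the tunnel connector reaches Traefik over plain HTTP and passes along `X-Forwarded-Proto: https`. The function names and addresses are made up for illustration; the `trusted_cidrs` variant corresponds to Traefik's `forwardedHeaders.trustedIPs` entrypoint option, which trusts the header only from listed peers.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the post).
CONNECTOR = "172.18.0.5"   # tunnel connector container
OTHER = "172.18.0.9"       # any other client that can reach the entrypoint


def effective_scheme(peer_ip, conn_tls, headers, trusted_cidrs=(), insecure=False):
    """Scheme the redirect logic sees after forwarded-header handling."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = insecure or any(peer in ipaddress.ip_network(c) for c in trusted_cidrs)
    # Forwarded headers from an untrusted peer are dropped, so the scheme
    # falls back to what the proxy observed on its own connection.
    proto = headers.get("X-Forwarded-Proto") if trusted else None
    return proto or ("https" if conn_tls else "http")


def handle(peer_ip, conn_tls, headers, **trust):
    """Model of an http->https redirect in front of a backend: 301 or 200."""
    scheme = effective_scheme(peer_ip, conn_tls, headers, **trust)
    return 200 if scheme == "https" else 301


def browse_via_tunnel(max_hops=5, **trust):
    """Browser -> edge over HTTPS -> connector -> proxy over plain HTTP.

    Every hop looks identical to the proxy, so a 301 just repeats until
    the browser gives up. Returns the status seen on each hop.
    """
    statuses = []
    for _ in range(max_hops):
        status = handle(CONNECTOR, False, {"X-Forwarded-Proto": "https"}, **trust)
        statuses.append(status)
        if status != 301:
            break
    return statuses


if __name__ == "__main__":
    spoof = {"X-Forwarded-Proto": "https"}
    print("default trust      :", browse_via_tunnel())
    print("insecure=true      :", browse_via_tunnel(insecure=True))
    print("trusted connector  :", browse_via_tunnel(trusted_cidrs=[CONNECTOR + "/32"]))
    # With insecure=true any peer can claim https and skip the redirect.
    print("spoof, insecure    :", handle(OTHER, False, spoof, insecure=True))
    print("spoof, trusted list:", handle(OTHER, False, spoof, trusted_cidrs=[CONNECTOR + "/32"]))
```
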