Reputation: 1490
I want to have a dev setup on my local machine to more easily test new versions of my programm - it's a server/client application. The client does need SSL and so I want to have traefik as a proxy to the (local) server which will use a self signed certificate.
I managed to get a connection without SSL but as soon as I enable HTTPS / Redirecting, traefik only responses with "backend not found" "/" 0ms.
The SSL certificate is valid according to my browsers.
Here is my setup:
traefik.toml
[docker]
watch = true
exposedByDefault = false
logLevel = "DEBUG"
defaultEntryPoints = ["https", "http"]
[accessLog]
[traefikLog]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
ca = "etc/traefik/ca.cert.pem"
certFile = "/etc/traefik/dev-cert.pem"
keyFile = "/etc/traefik/dev-key.nopass.pem"
# API definition
[api]
entryPoint = "traefik"
dashboard = true
docker-compose.yaml
version: '3'
services:
edv-reverse-proxy:
image: traefik
container_name: edv-reverse-proxy
expose:
- 8080
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- ./traefik/dev-cert.pem:/etc/traefik/dev-cert.pem
- ./traefik/dev-key.nopass.pem:/etc/traefik/dev-key.nopass.pem
- ./traefik/ca.cert.pem:/etc/traefik/ca.cert.pem
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxy
whoami:
image: emilevauge/whoami
expose:
- 80
labels:
- traefik.enable=true
- "traefik.frontend.rule=Host:whoami.test"
- traefik.port=80
networks:
- proxy
networks:
proxy:
external: true
/etc/hosts
127.0.0.1 whoami.test
If I disable the whole entrypoints section I can connect to the service with whoami.test like expected. I tried a lot of different settings which didn't seem to have any effect.
So if anyone knows how to solve this I would be really glad!
Upvotes: 2
Views: 4762
Reputation: 11
For a traefik v2.1 default router http to https redirect you can do the following:
traefik:
image: traefik:v2.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 80:80
- 443:443
labels:
- "traefik.enable=true"
### Default HTTP Router
- "traefik.http.routers.default-http2https.rule=HostRegexp(`{subdomain:[a-z,0-9]+}.example.com`)"
- "traefik.http.routers.default-http2https.entrypoints=http"
- "traefik.http.routers.default-http2https.middlewares=https-redirect@file"
### SSL
- "traefik.http.routers.frontend.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.frontend.entrypoints=https"
- "traefik.http.routers.frontend.tls.certresolver=example.com"
- "traefik.http.routers.frontend.tls.domains[0].main=example.com"
- "traefik.http.routers.frontend.tls.domains[0].sans=*.example.com"
- "traefik.http.routers.frontend.service=api@internal"
I found the solution here: https://docs.traefik.io/routing/routers/#rule
Upvotes: 1
Reputation: 3130
Fields order is important in toml:
logLevel = "DEBUG" # <---
defaultEntryPoints = ["https", "http"] # <---
[accessLog]
[traefikLog]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
ca = "etc/traefik/ca.cert.pem"
certFile = "/etc/traefik/dev-cert.pem"
keyFile = "/etc/traefik/dev-key.nopass.pem"
# API definition
[api]
entryPoint = "traefik"
dashboard = true
[docker]
watch = true
exposedByDefault = false
Upvotes: 1