Maurice Müller
Maurice Müller

Reputation: 1490

Redirect HTTP to HTTPS on localhost

I want to have a dev setup on my local machine to more easily test new versions of my programm - it's a server/client application. The client does need SSL and so I want to have traefik as a proxy to the (local) server which will use a self signed certificate.

I managed to get a connection without SSL but as soon as I enable HTTPS / Redirecting, traefik only responses with "backend not found" "/" 0ms.

The SSL certificate is valid according to my browsers.

Here is my setup:

traefik.toml

[docker]
watch = true
exposedByDefault = false

logLevel = "DEBUG"
defaultEntryPoints = ["https", "http"]

[accessLog]
[traefikLog]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
      ca = "etc/traefik/ca.cert.pem"
      certFile = "/etc/traefik/dev-cert.pem"
      keyFile = "/etc/traefik/dev-key.nopass.pem"

# API definition
[api]
entryPoint = "traefik"
dashboard = true

docker-compose.yaml

version: '3'
services:
  edv-reverse-proxy:
    image: traefik
    container_name: edv-reverse-proxy
    expose:
      - 8080
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ./traefik/dev-cert.pem:/etc/traefik/dev-cert.pem
      - ./traefik/dev-key.nopass.pem:/etc/traefik/dev-key.nopass.pem
      - ./traefik/ca.cert.pem:/etc/traefik/ca.cert.pem
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy

  whoami:
    image: emilevauge/whoami
    expose:
      - 80
    labels:
      - traefik.enable=true
      - "traefik.frontend.rule=Host:whoami.test"
      - traefik.port=80
    networks:
      - proxy

networks:
  proxy:
    external: true

/etc/hosts

127.0.0.1       whoami.test

If I disable the whole entrypoints section I can connect to the service with whoami.test like expected. I tried a lot of different settings which didn't seem to have any effect.

So if anyone knows how to solve this I would be really glad!

Upvotes: 2

Views: 4762

Answers (2)

8ear
8ear

Reputation: 11

For a traefik v2.1 default router http to https redirect you can do the following:

traefik:
    image: traefik:v2.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 80:80
      - 443:443
    labels:
      - "traefik.enable=true"
      ### Default HTTP Router
      - "traefik.http.routers.default-http2https.rule=HostRegexp(`{subdomain:[a-z,0-9]+}.example.com`)"
      - "traefik.http.routers.default-http2https.entrypoints=http"
      - "traefik.http.routers.default-http2https.middlewares=https-redirect@file"
      ### SSL
      - "traefik.http.routers.frontend.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.frontend.entrypoints=https"
      - "traefik.http.routers.frontend.tls.certresolver=example.com"
      - "traefik.http.routers.frontend.tls.domains[0].main=example.com"
      - "traefik.http.routers.frontend.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.frontend.service=api@internal"

I found the solution here: https://docs.traefik.io/routing/routers/#rule

Upvotes: 1

ldez
ldez

Reputation: 3130

Fields order is important in toml:

logLevel = "DEBUG" # <---
defaultEntryPoints = ["https", "http"] # <---

[accessLog]
[traefikLog]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
      ca = "etc/traefik/ca.cert.pem"
      certFile = "/etc/traefik/dev-cert.pem"
      keyFile = "/etc/traefik/dev-key.nopass.pem"

# API definition
[api]
entryPoint = "traefik"
dashboard = true

[docker]
watch = true
exposedByDefault = false

Upvotes: 1

Related Questions