My backend service runs in a Docker container hosted in Azure Service Fabric, and the service is stateful, so we use Traefik to convert the stateful request to stateless. To achieve this, Traefik forwards requests from the frontend to our backend. This works fine over HTTP. Now we have to enable HTTPS on the front end.
I've configured HTTPS for Azure Service Fabric. When I log in to a cluster node, I can reach my backend service by its private IP, but I can't reach the service through the configured domain. The Traefik log shows "backend not found". I'm using a self-signed certificate. Here is my configuration:
# Traefik's own process log, written as JSON to a file relative to the
# working directory (the access log is configured separately in [accessLog]).
[traefikLog]
filePath = "log/traefik.log"
format = "json"
# NOTE(review): Traefik 1.x documents logLevel as a top-level key; here it
# sits inside the traefikLog table, so confirm it actually takes effect.
# DEBUG output is verbose and can include request and configuration detail;
# lower it again once the routing problem is diagnosed.
logLevel = "DEBUG"
# Enable debug mode
#
# Optional
# Default: false
#
# NOTE(review): in this paste the key follows the [traefikLog] header, so a
# TOML parser assigns it to that table rather than to the root. The same
# applies to defaultEntryPoints below. Traefik 1.x documents both as
# top-level keys; confirm the deployed file places them before the first
# table header, otherwise they may be ignored.
debug = true
# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
#traefikLogsFile = "log/traefik.log"
# Log level
#
# Optional
# Default: "ERROR"
#logLevel = "DEBUG"
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
# Plain-HTTP listener on port 80; the redirect table below sends its
# requests to the "https" entry point.
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# TLS listener on port 443.
[entryPoints.https]
address = ":443"
# NOTE(review): this table lists no certificate or key files. The question
# mentions a self-signed certificate, but none is referenced here, so the
# certificate served on :443 would have to come from the [acme] section or
# from a default that Traefik generates itself. Confirm which is intended.
[entryPoints.https.tls]
# ACME (Let's Encrypt) certificate automation for the "https" entry point.
[acme]
email = "[email protected]"
# NOTE(review): the storage file holds the ACME account key and the issued
# certificates with their private keys; keep it readable by the Traefik
# process only and out of source control and container images.
storage = "acme.json"
# NOTE(review): this is the Let's Encrypt staging directory. Certificates
# issued by staging are for testing and are not trusted by browsers; switch
# to the production directory before relying on them.
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
# The HTTP challenge is answered on the "http" entry point (:80 in this
# file), so the CA must be able to reach that port for each domain below.
[acme.httpChallenge]
entryPoint = "http"
# Domains to request certificates for. The names below look like
# placeholders; ACME issuance only succeeds for names the requester controls.
[[acme.domains]]
main = "domain1.azure.com"
[[acme.domains]]
main = "domain2.azure.com"
# Management entry point: the [api] and [rest] sections in this file both
# name "traefik" as their entry point, so the dashboard, debug handlers and
# REST provider are served here.
# NOTE(review): ":8080" binds every interface and no authentication is
# configured on this entry point in the pasted file. Restrict it to an
# internal address or the cluster network, or add authentication, before
# exposing the node to untrusted networks.
[entryPoints.traefik]
address = ":8080"
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
[accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# NOTE(review): the path is relative, so the file lands under the process
# working directory; inside a container it is lost on redeploy unless that
# directory is a mounted volume. Verify against the deployment.
filePath = "log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# API definition
################################################################
[api]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# In this file the "traefik" entry point listens on ":8080".
entryPoint = "traefik"
# Enabled Dashboard
#
# Optional
# Default: true
#
# NOTE(review): the dashboard shows the full routing configuration; it is
# reachable by anyone who can connect to the entry point above.
dashboard = true
# Enable debug mode.
# This will install HTTP handlers to expose Go expvars under /debug/vars and
# pprof profiling data under /debug/pprof.
# Additionally, the log level will be set to DEBUG.
#
# Optional
# Default: false
#
# NOTE(review): these handlers expose process internals on the same entry
# point as the dashboard. Keep this enabled only while troubleshooting and
# set it back to false afterwards.
debug = true
################################################################
# Service Fabric provider
################################################################
# Enable Service Fabric configuration backend
[servicefabric]
# Template file used to generate the routing configuration from the
# services discovered in the cluster.
filename = "custom_config_template.tmpl"
# NOTE(review): this writes the generated configuration to the log, which
# helps when chasing "backend not found" but is noisy; turn it off once the
# template output has been checked.
debugLogGeneratedTemplate = true
# Service Fabric Management Endpoint
clustermanagementurl = "https://localhost:19080"
# Note: use "https://localhost:19080" if you're using a secure cluster
# Service Fabric Management Endpoint API Version
apiversion = "3.0"
# Presumably the polling interval, in seconds, for cluster changes.
# Confirm against the provider documentation.
refreshSeconds = 10
# Enable TLS connection.
#
# Optional
#
# NOTE(review): this header is spelled "serviceFabric" while the provider
# table in this file is "[servicefabric]". TOML keys are case-sensitive, so
# at the TOML level these are two different tables; whether Traefik's loader
# treats them as the same section should be confirmed, or the spelling made
# consistent.
[serviceFabric.tls]
# Client certificate and private key presented to the management endpoint.
# The key file should be readable by the Traefik process only.
cert = "certs/servicefabric.crt"
key = "certs/servicefabric.key"
# NOTE(review): true means the certificate presented by the management
# endpoint is not verified, so the connection is encrypted but the peer is
# not authenticated. Acceptable for a self-signed test cluster; for anything
# else, trust the cluster CA explicitly and set this to false.
insecureskipverify = true
# Enable REST Provider.
# NOTE(review): the REST provider accepts routing configuration over HTTP.
# It is bound to the "traefik" entry point (":8080" in this file), which has
# no authentication configured here, so anyone who can reach that port could
# change routing. Enable it only if it is needed, and restrict or
# authenticate the entry point.
[rest]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
entryPoint = "traefik"
Here are some questions I don't understand:
Why can't I visit my service from domain https://domain1.azure.com?
Do I also have to enable HTTPS for my backend service? I have done so for now, but I think it may be unnecessary: whether the backend uses HTTP or HTTPS only matters when Traefik calls the backend, and we only need HTTPS when the Traefik frontend is called. Am I right?
Anyway, since I've enabled HTTPS for my backend service as well, do I have to bind the backend service to the same certificate that I configured in [entryPoints.https.tls]?
The issue was caused by my deployment: after updating the configuration, I had redeployed only the Traefik service.