Use traefik middleware globally

Question

i am trying to declare https redirect inside the traefik.yml file. For now i tried to add those rules inside the traefik service in docker-compose.yml. That worked like a charm. Although i'd prefer to configure this global and middleware redirect inside the traefik.yml file and then just reference it in the traefik service on docker-compose.yml.

What i had before

version: '3'

networks:
  web:
    external: true

services:
  traefik:
    image: traefik:v2.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./.traefik/traefik.yml:/traefik.yml
      - ./.traefik/acme.json:/acme.json
    networks:
      - web
    labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik.rule=Host(`$HOSTNAME`)"
       - "traefik.http.routers.traefik.service=api@internal"
       - "traefik.http.routers.traefik.tls.certresolver=le"
       - "traefik.http.routers.traefik.entrypoints=https"
       # Global redirect to https
       - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
       - "traefik.http.routers.http-catchall.entrypoints=http"
       - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
       # Middleware redirect
       - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

That worked easily and redirected all other domains from http to https.

What i want now

I want to declare those redirects inside the traefik.yml.

So far i have done this.

api: {}

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

log:
  level: DEBUG

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: web

http:
  # Global redirect to https
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)"
      entrypoints:
        http
      middlewares:
        - redirect-to-https
  # Middleware redirect
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

certificatesResolvers:
  le:
    acme:
      email: john@doe.com
      storage: acme.json
      # Activate for Development: Certificate will not be valid. It's only for testing if it can be obtained.
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        entryPoint: http

As you can see i declared the http settings.

My question is now how can i reference those settings into my traefik service?

I tried it with

- "traefik.http.middlewares=redirect-to-https"

- "traefik.http.middlewares.redirect-to-https"

- "traefik.http.middlewares.traefik=redirect-to-https@file"

None of them work. Some show the middleware in the dashboard but it is not linked to any settings.

Did anyone find a solution to this? I can't get out anything from the docs about this. I think it must be linked somehow to the @file.

Thank you

Answer 1

In fact, you don't need to set this middleware to traefik in labels block. If you have such configuration in your traefik.yml:

http:
  routers:
    http-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints:
        - http
      middlewares:
        - redirect-to-https

  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: false

It means - all traffic which came to entrypoint http should use middleware redirect-to-https and be redirected to another entrypoint: https. This configuration is globally.

So, you just have to set your container to https entrypoint (as you did, in your example)

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.traefik.entrypoints=https"
  - "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.ua`)"
  - "traefik.http.routers.traefik.tls=true"
  - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
  - "traefik.http.routers.traefik.service=api@internal"

Answer 2

@file means that the middleware was defined in the file provider.

You can add a file provider like this in traefik.yml.

providers:
  file:
    directory: "/path/to/dynamic/conf"

Create a file in that directory with the middleware.

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

You can now reference redirect-to-https@file in your labels.

- "traefik.http.middlewares.traefik=redirect-to-https@file"

NOTE: Some of your configuration in traefik.yml might need to be moved to your new yml file. I am new to Traefik and have not full knownlegde of why yet.

See the following sections in documentation:

• https://docs.traefik.io/middlewares/overview/#provider-namespace
• https://docs.traefik.io/providers/file/