Traefik v2: 404 while routing HTTP traffic globally to HTTPS

mbaldi picture mbaldi · Nov 1, 2019 · Viewed 8k times · Source

I have the problem that I can route HTTPS traffic but I can not globally redirect the HTTP traffic to HTTPS. In my case I only want HTTPS traffic, so that I want to redirect all the incoming traffic.

Currently I get an 404 error while I try to serve my URLs over HTTP. I already enabled DEBUG logs in Treafik, but I can not see any problems or unnormal stuff in the logs.

Additionally I saw a pretty similar topic here on Stackoverflow, but we found out, that his error was not the same to mine: How to redirect http to https with Traefik 2.0 and Docker Compose labels?

The following setup is based on the blog entry here: https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d

My setup

I configured Traefik in my swarm like this:

global:
  checkNewVersion: false
  sendAnonymousUsage: false
api:
  dashboard: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
providers:
  providersThrottleDuration: 2s
docker:
  watch: true
  endpoint: unix:///var/run/docker.sock
  swarmMode: true
  swarmModeRefreshSeconds: 15s
  exposedByDefault: false
  network: webgateway
log:
  level: DEBUG
accessLog: {}
certificatesResolvers:
  default:
    acme:
    email: {email}
    storage: /etc/traefik/acme/acme.json
    httpChallenge:
      entryPoint: web

And started Traefik with the following docker-compose file

version: '3'

services:
proxy:
    image: traefik:latest
    ports:
    - "80:80"
    - "443:443"
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /data/docker_data/traefik/traefik-2.yml:/etc/traefik/traefik.yml
    - /data/docker_data/traefik/acme-2.json:/etc/traefik/acme/acme.json
    labels:
    # redirect
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
    - "traefik.http.routers.redirs.entrypoints=web"
    - "traefik.http.routers.redirs.middlewares=redirect-to-https"

My services are configured with the following labels:

traefik.http.routers.myapp.rule=Host(`myapp.ch`)
traefik.http.routers.myapp.service=myapp
traefik.http.routers.myapp.entrypoints=websecure
# I don't think that the following one is required here...
# traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
traefik.http.routers.myapp.tls.certresolver=default
traefik.http.services.myapp.loadbalancer.server.port=3000
traefik.http.routers.myapp.tls=true
traefik.enable=true

Any ideas why this is not working?

Answer

Lars picture Lars · Nov 2, 2019

You don't need to configure the Traefik service itself. On Traefik you only need to have entrypoints to :443 (websecure) and :80 (web)

Because Traefik only acts as entryPoint and will not do the redirect, the middleware on the target service will do that.

Now configure your target service as the following:

version: '2'
services:
  mywebserver:
    image: 'httpd:alpine'
    container_name: mywebserver
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.mywebserver-redirect-websecure.redirectscheme.scheme=https
      - traefik.http.routers.mywebserver-web.middlewares=mywebserver-redirect-websecure
      - traefik.http.routers.mywebserver-web.rule=Host(`sub.domain.com`)
      - traefik.http.routers.mywebserver-web.entrypoints=web
      - traefik.http.routers.mywebserver-websecure.rule=Host(`sub.domain.com`)
      - traefik.http.routers.mywebserver-websecure.tls.certresolver=mytlschallenge
      - traefik.http.routers.mywebserver-websecure.tls=true
      - traefik.http.routers.mywebserver-websecure.entrypoints=websecure
      # if you have multiple ports exposed on the service, specify port in the websecure service
      - traefik.http.services.mywebserver-websecure.loadbalancer.server.port=9000

So basically the flow goes like this:

Request: http://sub.domain.com:80 --> traefik (service) --> mywebserver-web (router, http rule) --> mywebserver-redirect-websecure (middleware, redirect to https) --> mywebserver-websecure (router, https rule) --> mywebserver (service)