I did this in my docker-compose to redirect, but this need to be done on every service to be exposed. this is no a catch all solution but you will get more controll over what is exposed on http and https.
whoami:
image: containous/whoami
labels:
# listen for http request and redirect to https
- "traefik.http.routers.whoami-http.middlewares=https-redirect@file"
- "traefik.http.routers.whoami-http.rule=Host(`whoami.example.test`)"
# listen for https requests and use forward auth.
# Terminate SSL, whoami doesnt listen on SSL traffic, whoami is listening on plain text unencrypted http connections.
# https://docs.traefik.io/v2.0/routing/routers/#tls
- "traefik.http.routers.whoami.tls"
- "traefik.http.routers.whoami.rule=Host(`whoami.example.test`)"
- "traefik.http.routers.whoami.middlewares=forward-auth@file"
seems overly complicated and verbose, is it really needed to create two routers for each service?