I'm using the default redirection (below config) under the command section.
command:
  - --entrypoints.web.address=:80
  - --entrypoints.web.http.redirections.entrypoint.to=websecure
  - --entrypoints.web.http.redirections.entrypoint.scheme=https
  - --entrypoints.web.http.redirections.entrypoint.permanent=true
  - --entrypoints.websecure.address=:443
But it is not working. When I type traefik.example.com/dashboard/ in the browser, I'm expecting it to redirect to https://traefik.example.com/dashboard/.
config file
version: '3.8'
services:
  traefik:
    image: "traefik:v2.2.1"
    hostname: traefik
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == mynode
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.api.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.routers.api.middlewares=auth" #Auth is only setup on the router using the web entrypoint
        ## Middlewares
        - "traefik.http.middlewares.auth.basicauth.users=alpha:$$1$$SEjVHN0z$$Apa3.iHJAW2dbAi6OuwDe/"
        ### host header
        - "traefik.http.middlewares.hosthdr.headers.stsseconds=31536000"
        - "traefik.http.middlewares.hosthdr.headers.stsincludesubdomains=true"
        - "traefik.http.middlewares.hosthdr.headers.stspreload=true"
        # global redirect http to https
        #- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
        #- "traefik.http.routers.http-catchall.entrypoints=web"
        #- "traefik.http.routers.http-catchall.middlewares=httpsalways"
        # middleware redirect http to https
        #- "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"
        #- "traefik.http.middlewares.httpsalways.redirectscheme.permanent=true"
        #- "traefik.http.middlewares.httpsalways.redirectscheme.port=443"
        #- "traefik.http.middlewares.httptohttps.redirectregex.regex=^https?://(?:www\.)?(.+)"
        #- "traefik.http.middlewares.httptohttps.redirectregex.replacement=https://$${1}"
        #- "traefik.http.middlewares.httptohttps.redirectregex.permanent=true"
        # enable https for api/dashboard
        - "traefik.http.routers.api.tls=true"
        - "traefik.http.routers.api.tls.certresolver=letsencrypt"
        - "traefik.http.routers.api.entrypoints=websecure"
        - "traefik.http.routers.api.tls.domains[0].main=traefik.example.com"
        # dummy port
        - "traefik.http.services.dummyservice.loadbalancer.server.port=1111" # In swarm mode, traefik requires a dummy Port
    command:
      - --api=true
      - --api.dashboard=true
      - --api.debug=true
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --log.level=DEBUG
      - --accesslog=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      #- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesResolvers.letsencrypt.acme.tlsChallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=myemail@gmail.com
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      #- --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
      #- "./basicauth:/basicauth:ro"
    networks:
      - proxy
networks:
  proxy:
    external: true
Please help.
Also, I tried this too by disabling the default redirect under command section but it is also not working.
config
labels:
  traefik.enable: "true"
  traefik.docker.network: proxy
  traefik.http.routers.api.rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
  traefik.http.routers.api.service: api@internal
  traefik.http.routers.api.middlewares: auth #Auth is only setup on the router using the web entrypoint
  ## Middlewares
  traefik.http.middlewares.auth.basicauth.users: alpha:$$1$$SEjVHN0z$$Apa3.iHJAW2dbAi6OuwDe/
  ### host header
  traefik.http.middlewares.hosthdr.headers.stsseconds: 31536000
  traefik.http.middlewares.hosthdr.headers.stsincludesubdomains: "true"
  traefik.http.middlewares.hosthdr.headers.stspreload: "true"
  # global redirect http to https
  traefik.http.routers.http-catchall.rule: HostRegexp(`{host:(www\.)?.+}`)
  traefik.http.routers.http-catchall.entrypoints: web
  traefik.http.routers.http-catchall.middlewares: wwwtohttps
  # Global redirection: https (www.) to https
  traefik.http.routers.wwwsecure-catchall.rule: HostRegexp(`{host:(www\.).+}`)
  traefik.http.routers.wwwsecure-catchall.entrypoints: websecure
  traefik.http.routers.wwwsecure-catchall.tls: "true"
  traefik.http.routers.wwwsecure-catchall.middlewares: wwwtohttps
  # middleware: http(s)://(www.) to https://
  traefik.http.middlewares.wwwtohttps.redirectregex.regex: ^https?://(?:www\.)?(.+)
  traefik.http.middlewares.wwwtohttps.redirectregex.replacement: https://$${1}
  traefik.http.middlewares.wwwtohttps.redirectregex.permanent: "true"
  # enable https for api/dashboard
  traefik.http.routers.api.tls: "true"
  traefik.http.routers.api.tls.certresolver: letsencrypt
  #traefik.http.routers.api.entrypoints: websecure
  traefik.http.routers.api.tls.domains[0].main: traefik.example.com
  # dummy port
  traefik.http.services.dummyservice.loadbalancer.server.port: 1111 # In swarm mode, traefik requires a dummy Port
command:
  - --api=true
  - --api.dashboard=true
  - --api.debug=true
  - --providers.docker=true
  - --providers.docker.endpoint=unix:///var/run/docker.sock
  - --providers.docker.swarmMode=true
  - --providers.docker.exposedbydefault=false
  - --log.level=DEBUG
  - --accesslog=false
  - --entrypoints.web.address=:80
  #- --entrypoints.web.http.redirections.entrypoint.to=websecure
  #- --entrypoints.web.http.redirections.entrypoint.scheme=https
  #- --entrypoints.web.http.redirections.entrypoint.permanent=true
  - --entrypoints.websecure.address=:443
  - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
  #- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
  - --certificatesResolvers.letsencrypt.acme.tlsChallenge=true
  - --certificatesresolvers.letsencrypt.acme.email=myemail@gmail.com
  - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
  #- --certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web
@ldez can you please help?
Tried using a dynamic file also.
#############
#### ROUTER
#############
[http.routers]
### Traefik Dashboard
[http.routers.api]
rule = "HostRegexp(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
entryPoints = ["websecure"] # <-- changed to `websecure` for https else moved it back to `web`
middlewares = ["auth"]
service = "api@internal"
# will route TLS requests (and ignore non tls requests)
[http.routers.api.tls]
certResolver = "letsencrypt"
# https://docs.traefik.io/routing/routers/#domains
[[http.routers.api.tls.domains]]
main = "traefik.example.com"
# redirecting http to https for dashboard
[http.routers.api-http]
entryPoints = ["web"]
rule = "HostRegexp(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
middlewares = ["auth", "redirect-to-https"]
service = "api@internal"
#################
#### MIDDLEWARES
#################
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = ["alpha:$1$SEjVHN0z$Apa3.iHJAW2dbAi6OuwDe/"]
[http.middlewares.redirect-to-https.redirectScheme]
scheme = "https"
port = "443"
permanent = true
traefik.yml file
version: '3.8'
services:
  traefik:
    image: "traefik:v2.1"
    hostname: traefik
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
      placement:
        constraints:
          - node.hostname == node1
      labels:
        traefik.enable: "true"
        traefik.docker.network: proxy
        # dummy port
        traefik.http.services.dummyservice.loadbalancer.server.port: 1111 # In swarm mode, traefik requires a dummy Port
    command:
      - --api=true
      - --api.dashboard=true
      - --api.debug=true
      - --providers.file.filename=/etc/traefik/traefik-dynamic.toml # Using file for reading the config
      - --providers.file.watch=true
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --log.level=DEBUG
      - --accesslog=false
      - --entrypoints.web.address=:80
      #- --entrypoints.web.http.redirections.entrypoint.to=websecure
      # - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.letsencrypt.acme.tlsChallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=myemail@gmail.com
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
      - "./traefik-dynamic.toml:/etc/traefik/traefik-dynamic.toml:ro"
      #- "./basicauth:/basicauth:ro"
    networks:
      - proxy
networks:
  proxy:
    external: true
This is not working.
I'm also using Grafana and below is the config under labels.
labels:
  - "traefik.enable=true"
  - "traefik.docker.network=proxy"
  - "traefik.http.routers.grafana.rule=Host(`grafana.example.com`)"
  - "traefik.http.routers.grafana.entryPoints=websecure"
  - "traefik.http.routers.grafana.service=grafana-service"
  # global redirect http to https
  - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
  - "traefik.http.routers.http-catchall.entrypoints=web"
  - "traefik.http.routers.http-catchall.middlewares=httpsalways"
  # middleware redirect http to https
  - "traefik.http.middlewares.httpsalways.redirectscheme.scheme=https"
  - "traefik.http.middlewares.httpsalways.redirectscheme.permanent=true"
  - "traefik.http.middlewares.httpsalways.redirectscheme.port=443"
  #
  - "traefik.http.routers.grafana.tls=true"
  - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
  - "traefik.http.routers.grafana.tls.domains[0].main=grafana.example.com"
  - "traefik.http.services.grafana-service.loadbalancer.server.port=3000"
Is anything wrong in this config? Because grafana.example.com isn't redirecting to https://grafana.example.com but the same config works for traefik.example.com to https://traefik.example.com
cakiwi
May 29, 2020, 11:59am
7
Hi @metadata
This is my simple swarm config. No certresolver or auth middleware is enabled. But it is a starting point to layer these items in.
Compose for stack
version: "3.8"
services:
  traefik:
    image: "traefik:v2.2"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --api
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        traefik.enable: "true"
        # traefik.http.routers.api.rule: Host(`foo.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
        traefik.http.routers.api.rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
        traefik.http.routers.api.service: api@internal
        traefik.http.services.dummy.loadBalancer.server.port: 65535
        traefik.http.routers.api.entrypoints: websecure
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
Stack Deploy
$ docker stack deploy -c simple.swarm.yaml tk
Creating network tk_default
Creating service tk_traefik
http redirect demo
$ curl -ikL http://localhost/dashboard/
HTTP/1.1 301 Moved Permanently
Location: https://localhost/dashboard/
Date: Fri, 29 May 2020 11:51:33 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8
HTTP/2 200
accept-ranges: bytes
content-type: text/html; charset=utf-8
last-modified: Wed, 29 Apr 2020 18:00:36 GMT
content-length: 2708
date: Fri, 29 May 2020 11:51:33 GMT
<!DOCTYPE html><html><head><title>Traefik</title>...
@cakiwi thanks. After using this static config I can see that it's working using cURL
curl -ikL http://grafana.example.in/
HTTP/1.1 301 Moved Permanently
Location: https://grafana.example.in/
Date: Fri, 29 May 2020 12:19:38 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8
HTTP/2 302
content-type: text/html; charset=utf-8
date: Fri, 29 May 2020 12:19:38 GMT
location: /login
set-cookie: grafana_sess=221ef5a23382af4c; Path=/; HttpOnly
set-cookie: redirect_to=%252F; Path=/; HttpOnly
content-length: 29
HTTP/2 200
content-type: text/html; charset=UTF-8
date: Fri, 29 May 2020 12:19:38 GMT
But still not working in browser? I have tried it on Chrome, Brave, Mozilla, Edge.
Do I need to add any header?
config grafana
labels:
  - "traefik.enable=true"
  - "traefik.docker.network=proxy"
  - "traefik.http.routers.grafana.rule=Host(`grafana.example.in`)"
  - "traefik.http.routers.grafana.entryPoints=websecure"
  - "traefik.http.routers.grafana.service=grafana-service"
  - "traefik.http.routers.grafana.tls=true"
  - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
  - "traefik.http.routers.grafana.tls.domains[0].main=grafana.example.in"
  - "traefik.http.services.grafana-service.loadbalancer.server.port=3000"
cakiwi
May 29, 2020, 12:47pm
9
That it works with curl demonstrates it is technically correct. What error do you get on the browsers?
Is it possible that there was an HSTS header set for this domain in the past, or has made it into the browsers' compiled-in list? You can check that in Chrome pretty easily.
Aside from that I would enable Traefik Access log and see what requests are coming in and how they are being handled.
@cakiwi it's working now. Port 80 wasn't opened for the public IP in the firewall. I tested it by accessing the service from my local env using cURL (not accessible because of the port issue). Earlier I was SSHed into the VM and then running cURL, hence it was working.
Thanks a lot for the help
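
The failure that resolved this thread (curl on the VM saw the 301 while port 80 was closed to the public IP) can be told apart from a missing redirect by looking at curl's exit code as well as the first response. The script below is an added example, not part of any post in the thread; the function names `classify_hop` and `check_host` are hypothetical, and the sample headers are constructed to match the curl output shown above.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# classify_hop EXIT_CODE HEADERS
#   EXIT_CODE: curl's exit status; HEADERS: header dump of the first response.
classify_hop() {
    rc=$1
    headers=$(printf '%s\n' "$2" | tr -d '\r')
    case "$rc" in
        0)  ;;
        7)  echo "unreachable: connection refused on port 80"; return 0 ;;
        28) echo "unreachable: timed out, port 80 likely filtered by a firewall"; return 0 ;;
        *)  echo "curl-error: exit code $rc"; return 0 ;;
    esac
    # Status code from the status line, e.g. "HTTP/1.1 301 Moved Permanently".
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    # Location header, matched case-insensitively (HTTP/2 lowercases names).
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    case "$status:$location" in
        30[1278]:https://*) echo "redirect-https: $status -> $location" ;;
        30[1278]:*)         echo "redirect-other: $status -> $location" ;;
        *)                  echo "no-redirect: status $status served over plain HTTP" ;;
    esac
}

# check_host HOST: request http://HOST/ without following redirects.
# Run it from a machine outside the server's network, not from an SSH
# session on the server, so the firewall in front of port 80 is exercised.
check_host() {
    rc=0
    headers=$(curl -sS -o /dev/null -D - --connect-timeout 5 "http://$1/" 2>/dev/null) || rc=$?
    classify_hop "$rc" "$headers"
}

# Constructed sample input, modelled on the curl output in the thread.
sample=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://grafana.example.in/\r\n')
classify_hop 0 "$sample"
classify_hop 28 ""
```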