Defining a http and a separate https router (file)

I am trying to follow the following model but using file instead of docker (this is for an application that's on a separate host, not running within docker):

- "traefik.http.routers.grafana.entrypoints=http"
- "traefik.http.routers.grafana.rule=Host(`grafana.domain.com`)"
- "traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.grafana.middlewares=grafana-https-redirect"
- "traefik.http.routers.grafana-secure.entrypoints=https"
- "traefik.http.routers.grafana-secure.rule=Host(`grafana.domain.com`)"
- "traefik.http.routers.grafana-secure.tls=true"
- "traefik.http.routers.grafana-secure.tls.certresolver=dns"
- "traefik.http.routers.grafana-secure.service=grafana"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"

So this is what I have thus far:

    octoprint:
      entryPoints:
        http
      middlewares:
      - https-redirect
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)

    octoprint-secure:
      entryPoints:
        https
      middlewares:
      - my-basic-auth
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)
      tls:
        certResolver: dns

but looking at the dashboard, both routers have http 80, https 443 and traefik 8080 as their entrypoints. I've tried with entrypoints of web and web-secure, as per the doc but that doesn't seem to work either:

    octoprint:
      entryPoints:
        web:
          address: ":80"
      middlewares:
      - https-redirect
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)

    octoprint-secure:
      entryPoints:
        web-secure:
          address: ":443"
      middlewares:
      - my-basic-auth
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)
      tls:
        certResolver: dns

That doesn't even parse, with a: line 25: found character that cannot start any token"

And this doesn't change the entrypoints either:

octoprint:
      entryPoints:
        web
      middlewares:
      - https-redirect
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)

    octoprint-secure:
      entryPoints:
        web-secure
      middlewares:
      - my-basic-auth
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)
      tls:
        certResolver:

There isn't a lot of documentation on files, I can't find a complete example that's similar to what I am trying to do (other than the docker version I used for my grafana).

Help? These are within http and router, btw.

Hello,

you mixed several things together: the dynamic configuration and the static configuration.

They must be defined in separated files.

traefik.yml (static configuration)

# https://docs.traefik.io/v2.1/routing/entrypoints/
# the static configuration can be file, CLI flags

entryPoints:
  web:
   address: ":80"
  websecure:
    address: ":443"

providers: 
  # https://docs.traefik.io/v2.1/providers/file/
  file:
    directory: /config/
    watch: true

/config/dyn.yml (dynamic configuration)

# can be a file, labels, ...

http:

  # https://docs.traefik.io/v2.1/routing/routers/#configuring-http-routers
  routers:
    octoprint:
      rule: Host(`octoprint.domain.com`)
      entryPoints: 
      - web
      middlewares:
      - https-redirect
      service: service-octoprint

    octoprint-secure:
      entryPoints:
      - websecure
      middlewares:
      - my-basic-auth
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)
      tls:
        certResolver: dns

  # https://docs.traefik.io/v2.1/routing/services/#configuring-http-services
  services:
    service-octoprint:
      loadBalancer:
        servers:
        - url: http://10.10.10.1:1234

  # https://docs.traefik.io/v2.1/middlewares/overview/
  middlewares:
  
    # https://docs.traefik.io/v2.1/middlewares/redirectscheme/
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

    # https://docs.traefik.io/v2.1/middlewares/basicauth/
    my-basic-auth:
      basicAuth:
        users:
          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" 
          - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

In the documentation, we illustrated the configuration in all the available possibilities:

  • static configuration: file (TOML, YAML), CLI flags
  • dynamic configuration: file (TOML, YAML), labels, k8s CRD, ...

That worked well, i understand it much better now, thank you. While I haven't achieved what I wanted yet, I am making progress.

I was separating the http and https routers because I wanted http to reroute to https no matter what. And then I wanted two different routers, one to treat a path of /cam1/ and the other any other path.

    cam1:
     service: service-octoprint-cam1
     rule: Host(`octoprint.domain.com`) && Path(`/cam1/`)
     middlewares:
     - cam-prefix-strip
     entryPoints:
     - https

    octoprint:
      entryPoints:
      - http
      middlewares:
      - https-redirect
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)

    octoprint-secure:
      entryPoints:
      - https
      middlewares:
      - my-basic-auth
      service: service-octoprint
      rule: Host(`octoprint.domain.com`)
      tls:
        certResolver: dns

with:

    cam-prefix-strip:
      stripPrefix:
        prefixes:
        - /cam1/

I separated https and https because if both the /cam1 and the / one handled both, the pathstrip when handling http for /cam1/ would then lack the /cam1/ after the https redirect.

I am undestanding the flow as octoprint sending a redirect and then octoprint-secure handling the redirected URL but maybe it never goes to octoprint-secure ?

How would you handle it, @ldez ?