HTTP to HTTPS redirect fails with exposedbydefault=false

Traefik Traefik v2 (latest)
,
1

Not sure if this is a bug as I'm new to Traefik, so I thought I'd check here. In the blog post that details global http to https redirection, there is a linked docker-compose.yml file that seems to work (with the default self-signed Traefik certificate since I haven't set up letsencrypt). However, when I change it by adding - --providers.docker.exposedbydefault=false under command and - "traefik.enable=true" under labels in my-app, I get a 404 when visiting http://whoami.docker.localhost (instead of a 302).

Can anyone else confirm this? Is this supposed to happen?

Edit: the full version of the modified docker-compose.yml is below.
Expected behaviour: visiting http://whoami.docker.localhost produces a 302 redirect to https://whoami.docker.localhost
Observed behaviour: visiting http://whoami.docker.localhost produces a 404 error code.

version: "3.3"

services:
  traefik:
    image: "traefik:v2.0.0"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --api
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=your@email.com
      - --certificatesresolvers.leresolver.acme.storage=/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"

  my-app:
    image: containous/whoami:v1.3.0
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-app.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.my-app.middlewares=auth"
      - "traefik.http.routers.my-app.entrypoints=websecure"
      - "traefik.http.routers.my-app.tls=true"
      - "traefik.http.routers.my-app.tls.certresolver=leresolver"
      - "traefik.http.middlewares.auth.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password
2

Hello,

you have to add the label:

      - "traefik.enable=true"

on the Traefik container.

3

I believe I have done this -- see the docker-compose.yml in the code block.

To be clear, using the modified docker-compose.yml, visiting http://whoami.docker.localhost returns 404 but https://whoami.docker.localhost works as it should. It is only the redirection that is broken.

Edit: Oh you mean the Traefik container as well as the app container. Ok I'll try that.

Edit 2: Yes that works. Both the app service and the Traefik service need traefik.enable=true.

4

@ldez How to do the same but with traefik.yaml?
enable: true on the root lavel doesn't work

5

traefik.enable and xxx.exposedbydefault options is only available for label based providers (Docker, Marathon, Consul Catalog, ...)

traefik.yml contains only the static configuration, so it's the same a CLI flags in the command section.

You can use the file provider to create a dynamic configuration.

You can find examples of the global redirection pattern in the documentation:
https://docs.traefik.io/v2.1/migration/v1-to-v2/#http-to-https-redirection-is-now-configured-on-routers