HTTP to HTTPS redirection: difference between using CLI and middlewares

Thanks for your suggestion but I'm not there, yet.

My rationale:

  • Redirect http (webinsecure) to https (websecure) playing with entrypoints
  • Add a default middleware, as suggested, to the websecure entrypoint
  • Use such a middleware to strip www from requests
  • Forward just non-www requests

In order to do that, I borrowed the global middleware described in this answer by @ldez (Global redirect www to non-www with HTTPS redirection). This is the main Traefik container now:

command:
      # --entrypoints.<name>.address for ports
      # 80 (i.e., name = webinsecure)
      - --entrypoints.webinsecure.address=:80
      # redirection to https
      - --entrypoints.webinsecure.http.redirections.entrypoint.to=websecure
      - --entrypoints.webinsecure.http.redirections.entrypoint.scheme=https
      # 443 (i.e., name = websecure)
      - --entrypoints.websecure.address=:443
      # default middleware
      - --entrypoints.websecure.http.middlewares=wwwtohttps@docker
labels:
      # middleware: http(s)://(www.) to https://
      traefik.http.middlewares.wwwtohttps.redirectregex.regex: ^https?://(?:www\.)?(.+)
      traefik.http.middlewares.wwwtohttps.redirectregex.replacement: https://$${1}
      traefik.http.middlewares.wwwtohttps.redirectregex.permanent: true

Everything looks ok:

Then I have services like this one

  my-test-app:
    image: containous/whoami
    networks:
      # This is the network over which Traefik communicates with other containers.
      - proxy
    labels:
      traefik.enable: true
      traefik.http.routers.my-test-app.rule: Host(`foo.com`)
      traefik.http.routers.my-test-app.entrypoints: websecure
      traefik.http.routers.my-test-app.tls.certresolver: leresolver
      traefik.http.routers.my-test-app.tls.domains[0].main: foo.com
      traefik.http.routers.my-test-app.tls.domains[0].sans: '*.foo.com'

But I still get 404 for www.foo.com.

Please note that, from the theoretical perspective :smiley:, I shouldn't explicitly set "www.foo.com"-like rules in each router rule, since the global middleware (wwwtohttps) should strip www from requests. (In this answer, they also do the same.)

How can I make this scenario work fine?
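
Added example, not part of the original post and not Traefik code: a small Python model of the request path for the configuration above. It assumes, per the Traefik v2 documentation, that entrypoint middlewares are prepended to the routers attached to that entrypoint and therefore do not run when no router matches the Host. `handle`, `follow`, `AS_POSTED` and `WITH_WWW` are hypothetical names; the regex and replacement are the ones from the labels.

```python
import re

# Values copied from the post's labels ($${1} is compose escaping for ${1}).
WWW_REGEX = re.compile(r"^https?://(?:www\.)?(.+)")
WWW_REPLACEMENT = r"https://\1"

def wwwtohttps(url):
    """redirectregex model: return the redirect target, or None to pass through."""
    if not WWW_REGEX.match(url):
        return None
    new_url = WWW_REGEX.sub(WWW_REPLACEMENT, url, count=1)
    # Assumption modelled on Traefik: an unchanged URL is forwarded, not redirected.
    return new_url if new_url != url else None

def handle(url, router_hosts):
    """Simplified model of one request; returns (status, location)."""
    scheme, rest = url.split("://", 1)
    host = rest.split("/", 1)[0]
    if scheme == "http":
        # webinsecure: entrypoint redirection changes the scheme, not the host.
        return 301, "https://" + rest
    # websecure: a router has to match first. The entrypoint middleware is
    # attached to matched routers, so it never runs on a routing miss.
    if host not in router_hosts:
        return 404, None
    target = wwwtohttps(url)
    if target is not None:
        return 301, target
    return 200, None

def follow(url, router_hosts, max_hops=5):
    """Follow redirects and return the list of (url, status) hops."""
    hops = []
    for _ in range(max_hops):
        status, location = handle(url, router_hosts)
        hops.append((url, status))
        if location is None:
            break
        url = location
    return hops

AS_POSTED = {"foo.com"}                # rule: Host(`foo.com`)
WITH_WWW = {"foo.com", "www.foo.com"}  # hypothetical rule that lists both hosts

if __name__ == "__main__":
    for hosts in (AS_POSTED, WITH_WWW):
        print(sorted(hosts), follow("http://www.foo.com/", hosts))
```

In this model the posted rule ends at a 404 on `https://www.foo.com/`, while a rule that also matches `www.foo.com` lets the middleware issue the 301 to `https://foo.com/`.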