Redirect Loop with HTTPS redirectScheme

Hello,
I want to enforce all traffic be served over https so I created a middleware to do so.

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: common-https-redirect
spec:
  redirectScheme:
    scheme: https
    permanent: true
    port: 443
kind: IngressRoute
metadata:
  name: entry-www-de
  namespace: conversions
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`www.mydomain.com`) && Path(`/`)
    kind: Rule
    services:
    - name: foo
      port: 80
    middlewares:
      - name: common-https-redirect
        namespace: traefik

However, when I apply it, it keeps going into a redirect loop

* Connected to www.mydomain.com (172.1.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: www.mydomain.com
> User-Agent: curl/7.64.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
< Date: Wed, 30 Oct 2019 13:17:31 GMT
Date: Wed, 30 Oct 2019 13:17:31 GMT
< Location: https://www.mydomain.com/
Location: https://www.mydomain.com/
< Content-Length: 17
Content-Length: 17
< Connection: keep-alive
Connection: keep-alive

I have SSL termination on ELB . ELB configured with the Following Listeners

LB: HTTP: 80 , Instance Protocol HTTP
LB: HTTPS: 443, Instance Protocol HTTP , SSL Cert

How can I get the HTTPS redirection working without the loop. I want to keep SSL termination on the ELB

hello,

could you provide the information to show how you are using the middleware.

Thanks for replying @ldez I updated question

The TLS part is on the router, so you have to solution:

  • create 2 IngressRoutes: one on web with the redirection, and one on websecure without the redirection and with TLS.
  • create a global redirection (see other topics for more information), and one IngressRoute on websecure without redirection

https://docs.traefik.io/v2.0/routing/routers/#tls

1 Like

Hello @ldez,

I'm facing the same issue. Should I create 2 IngressRoutes? I mean using "redirectScheme" middleware should redirect to https only if it was http.

Is there anyway to avoid duplicating my IngressRoutes?

Duplicating implies two instances of the same thing. This is not what was suggested. So no, no duplication is required. Two routes are needed for the solution to work.

1 Like