Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Redirect http to https on a per container (per frontend) basis #541
Context for the answer:
I had no luck finding how to make this work. (I think it's not implemented yet, at least for the Marathon provider)
This is what I tried:
[entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443"
If I configure Traefik like this, all my http traffic gets redirected to https and that I cannot allow because behind my reverse proxy there's multiple domains and some does not have a SSL linked to it.
Some apps use only HTTPS but we could not let Traefik respond a 404 if the user tries to access via HTTP because of some legacy integrations. Currently our nginx servers redirect all HTTP requests to HTTPS.
What I was forced to do to make it work was creating a simple redirect app on Marathon that reads and environment variable and if the requested host meets the criteria, the nginx returns a location header for the https url.
It's a workaround but until the team implements a per-frontend redirect there's no way to make this work directly from Traefik.... =/
Hey @emilevauge I already do this but sadly when I do so the other protocol responds 404 and this breaks some older integrations that still references the old http routes...
Maybe I was not clear about what I did.
The main app (the one that runs the app server) has a "traefik.frontend.entryPoints=https" Label on Marathon, so it only recieves HTTPS requests but I have another app (the nginx redirector) that I can configure through env vars to respond a location from HTTP requests to HTTPS.
If I didn't have the redirector, my app would repond a 404 on HTTPS. That's the caveat.
@migueleliasweb, I don't get what you are trying to do exactly here ^^
If you want to have some apps on
and use labels to wire your frontends to the desired entrypoint. But you will not get http->https redirection in that case.
Hey @emilevauge ! Thanks for being so active !
When you said:
That's exactly my case. My Traefik serves 3 types of web applications:
It's all because of the last scenario...
If I wire the last app type to both HTTP and HTTPS, I get some problems due to some legacy users being able to access the app through non secure connections and possibly exposing sensitive data.
On the other hand ff I wire the last app only to HTTPS I get a 404 on HTTP requests (as i mentioned earlier...and that's a huge problem to the company because we need those users).
That's why I had to invent a way to cover this use case by creating a nginx container that redirect all incoming requests from HTTP to HTTPS. Example:
Well I think that's it. =]
EDIT: If there was a way to each frontend have a HTTP and HTTPS independent configurable entrypoint I would use it, but since I didn't found one I had to come up with something =P
As the OP, I would like to be a little more specific about my use case. Maybe we need to move some concerns to another issue.
referenced this issue
Nov 24, 2016
We understand the importance of the subject.
Remember the gentle way to participate: