Http to https redirection through middlewares does not work unless globally enforced #6995

Closed
steve-todorov opened this issue Jul 3, 2020 · 1 comment

Comments


steve-todorov commented Jul 3, 2020

Do you want to request a feature or report a bug?

Bug (related community topic)

What did you do?

  1. I've followed the Traefik documentation and configured a container with entry points for http and https named the same way.
  2. I configured some container labels and then attempted to access the container via `curl -I http://whoami.domain.com`, which resulted in 404. Then I tried `curl -I https://whoami.domain.com` and it worked just fine.
  3. I tried to configure a global redirection (as mentioned in the docs) and the redirection worked. However, this enforces TLS globally on ALL ingresses, which is not what I'd like.

NOTE: I noticed if you set `traefik.http.routers.whoami.tls=false` the redirection middleware starts working fine and redirects to https, but then the https entry point gives 404 (which is probably expected?)

What did you expect to see?

The http entry point should have redirected to https using the configured middleware.

What did you see instead?

```
$ curl -s -I http://whoami.domain.com
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Fri, 03 Jul 2020 13:48:41 GMT
Content-Length: 19
```

Output of traefik version: (What version of Traefik are you using?)

(running in a docker container)
```
Version:      2.2.1
Codename:     chevrotin
Go version:   go1.14.2
Built:        2020-04-29T18:02:09Z
OS/Arch:      linux/amd64
```

What is your environment & configuration (arguments, toml, provider, platform, ...)?

-- docker-compose.yaml

```yaml
version: '2'
services:
  traefik:
    image: traefik:v2.2.1
    container_name: traefik2
    restart: unless-stopped
    env_file:
      - .env
    ports:
      - 80:80
      - 443:443
    networks:
      - default
      - traefik-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/
  whoami:
    image: containous/whoami
    networks:
      - traefik-proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.http.routers.whoami.rule=Host(`whoami.domain.com`)"
      - "traefik.http.routers.whoami.service=whoami"
      - "traefik.http.routers.whoami.entrypoints=http,https"
      - "traefik.http.routers.whoami.middlewares=redirect-to-https@file"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.tls.certresolver=couldns-dns-letsencrypt"
      - "traefik.http.routers.whoami.tls.domains[0].main=domain.com"
      - "traefik.http.routers.whoami.tls.domains[0].sans=*.domain.com"
```

-- traefik/traefik.yaml

```yaml
entryPoints:
  http:
    address: ':80'
#   This works, but enforces TLS globally.
#    http:
#      redirections:
#        entryPoint:
#          to: https
#          scheme: https

  https:
    address: ':443'

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /etc/traefik/conf.d

certificatesResolvers:
  couldns-dns-letsencrypt:
    acme:
      email: email@domain.com
      storage: /etc/traefik/acme.json
      # PRODUCTION
      #caServer: "https://acme-v02.api.letsencrypt.org/directory"
      # STAGING
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: cloudns
        delayBeforeCheck: 120
        resolvers:
          - "pns1.cloudns.net"
          - "pns2.cloudns.net"
          - "pns3.cloudns.net"
          - "pns4.cloudns.net"

tls:
  options:
    default:
      minVersion: VersionTLS12
```

-- traefik/conf.d/middlewares.yaml

```yaml
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
```

The dashboard shows it's detecting everything properly:

[screenshot of the Traefik dashboard]

If applicable, please paste the log output in DEBUG level (--log.level=DEBUG switch)

Log is huge since Traefik is used as a proxy and a lot of traffic comes in.
Maybe if you give me hints on what to look for I could gather more data and update.
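
For reference, an added example that is not part of the original issue or of the Traefik project's own material: in Traefik v2 a router with a `tls` section handles HTTPS requests only, which matches the 404 on port 80 reported above. One way to get a per-service redirect without the global entry point redirection is to split the `whoami` labels into two routers; the router names `whoami-http` and `whoami-https` are assumptions, all other values are taken from the issue.

```yaml
# Added example, not the reporter's configuration.
# Router names whoami-http / whoami-https are hypothetical.
services:
  whoami:
    image: containous/whoami
    networks:
      - traefik-proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"

      # Plain-HTTP router: no tls label, so it matches requests on the
      # "http" entry point. Its only job is to run the redirect middleware.
      - "traefik.http.routers.whoami-http.rule=Host(`whoami.domain.com`)"
      - "traefik.http.routers.whoami-http.entrypoints=http"
      - "traefik.http.routers.whoami-http.middlewares=redirect-to-https@file"
      - "traefik.http.routers.whoami-http.service=whoami"

      # HTTPS router: tls=true dedicates it to TLS requests on the
      # "https" entry point. No redirect middleware is needed here.
      - "traefik.http.routers.whoami-https.rule=Host(`whoami.domain.com`)"
      - "traefik.http.routers.whoami-https.entrypoints=https"
      - "traefik.http.routers.whoami-https.service=whoami"
      - "traefik.http.routers.whoami-https.tls=true"
      - "traefik.http.routers.whoami-https.tls.certresolver=couldns-dns-letsencrypt"
      - "traefik.http.routers.whoami-https.tls.domains[0].main=domain.com"
      - "traefik.http.routers.whoami-https.tls.domains[0].sans=*.domain.com"
```

With this split, `curl -s -I http://whoami.domain.com` should return a 3xx response whose `Location` header points at the `https://` URL, while services without such a redirect router stay reachable over plain HTTP.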

@traefiker
Contributor

Hi! I'm Træfiker 🤖 the bot in charge of communication regulation.

Thanks for your interest in Traefik!

We dedicate the issue tracker to bug reports and feature requests only. My advanced AI has spotted that your issue might be a configuration problem or relates to something that doesn't look like a bug.

To confirm this, please join our Community Forum and reach out to us on the Traefik section.

In case I'm wrong (well, that would be embarrassing 😅), my developers will re-open the issue and fix me!

In the meantime, you can double check Traefik's documentation.

@traefik traefik locked and limited conversation to collaborators Aug 3, 2020