-
Notifications
You must be signed in to change notification settings - Fork 744
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not able to redirect from http to https #208
Comments
Can you post your whole configuration files please? |
Hi
I think I can answer this question because I see same additional I install traefik using helm, listen port 80 and 443. This is my helm values version 8.9.0 additionalArguments:
- "--providers.kubernetesingress.ingressclass=some-ingress-classname"
- "--certificatesresolvers.letsprod.acme.tlschallenge=true"
- "--certificatesresolvers.letsprod.acme.email=someemail@gmail.com"
- "--entryPoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
ingressRoute:
dashboard:
enabled: false
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
hostNetwork: true
persistence:
enabled: true
ports:
web:
port: 80
hostPort: 80
websecure:
port: 443
hostPort: 443
rbac:
namespaced: true
securityContext: null And then I deploy adminer by using helm chart https://cetic.github.io/helm-charts latest version, with this values service:
type: ClusterIP
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: some-ingress-classname
traefik.ingress.kubernetes.io/router.tls.certresolver: letsprod
hosts:
- somedomain.com
resources:
limits:
cpu: 100m
memory: 128Mi After I hit the domain, this is the result
Please see the After somedays searching the root cause, finally I can narrow down the issue.
I tried to edit the traefik deployment file manually into this
And finally, the redirect issue will be fixed
But in the first place, I'm not sure what the additional If yes, I already create #219 Thank you |
For your Sources: |
Hello @akhfa, I was able to pin down the issue in Traefik itself. I've raised a PR on update to address that behavior. traefik/traefik#7047 |
Hi @SantoDE, Thanks a lot for your help. I will wait for the release 😁 |
Is this already implemented in the current image 2.2.8? When i use the v2.3.0-rc3 image the redirect goes to "8443" and not to "8433/tcp" but with port "8443" the redirect still fails.
If i try to set the websecure port to "443" via "--entrypoints.websecure.address=:443" in the helm chart traefik will not start with:
Disabling the security context, by overwriting 'securityContext:' with an empty value "", seems to help with the redirect but the page can not be shown anymore:
|
Got it working now, with 2.3.0-rc3. This is the helm config which works for me:
Would be nice this would work with "runAsNonRoot: true" though. The ingress config of grafana helm chart as example has to look like:
|
Cool! I'll close that one then. |
@SantoDE |
I've used image 2.3.0-rc3 |
@monotek sure, but the default image / chart isn't fixed, so one have to override the image tag. |
Yes, i know. |
There is now a new version of the helm chart, which includes Traefik 2.2.8. Feel free to give it a test ;) |
Works with 2.2.8 too. Looking forward to see 2.3.0 final 😎 |
Is there any best practice for HTTP -> HTTPS redirection with this chart? ports:
web:
redirectTo: websecure |
I've switched to contour as its not possible to get proper redirect with kubernetes default ingress. |
@monotek It's definitely possible to get external-dns working alongside ingressRoute by using an empty ingress. For services I run with ingressRoutes, I run an ingress like this as part of the same release: ---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myapp-external-name-dns
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: "myapp.example.com" This will route no traffic, but it will get picked up by external-dns as any normal ingress. It's a straightforward workaround for me. |
This is imho only a workaround at best as you need to configure your ingress twice which is a pattern which is predetermined for failure. Switched to Contour ingress controller now. Migration was easier as Traefik 1.7 to 2.x for us. |
is there any trick i can do to make http to https redirect work?
added --entrypoints.web.http.redirections.entryPoint.scheme=https in additionalArguments but it didn't work.
but when i add these two arguments while deployment from helm chart:
--entrypoints.web.http.redirections.entryPoint.to=websecure --entrypoints.websecure.http.tls.certResolver=default
but when i browsed the URL it redirected me to example.com:8443/tpc.
is this a bug in traefik ingress controller or am i m doing it wrong?
The text was updated successfully, but these errors were encountered: