Redirect http to https on a per container (per frontend) basis #541
Context for the answer:
I had no luck finding how to make this work. (I think it's not implemented yet, at least for the Marathon provider)
This is what I tried:
[entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443"
If I configure Traefik like this, all my http traffic gets redirected to https and that I cannot allow because behind my reverse proxy there's multiple domains and some does not have a SSL linked to it.
Some apps use only HTTPS but we could not let Traefik respond a 404 if the user tries to access via HTTP because of some legacy integrations. Currently our nginx servers redirect all HTTP requests to HTTPS.
What I was forced to do to make it work was creating a simple redirect app on Marathon that reads and environment variable and if the requested host meets the criteria, the nginx returns a location header for the https url.
It's a workaround but until the team implements a per-frontend redirect there's no way to make this work directly from Traefik.... =/
Hey @emilevauge I already do this but sadly when I do so the other protocol responds 404 and this breaks some older integrations that still references the old http routes...
Maybe I was not clear about what I did.
The main app (the one that runs the app server) has a "traefik.frontend.entryPoints=https" Label on Marathon, so it only recieves HTTPS requests but I have another app (the nginx redirector) that I can configure through env vars to respond a location from HTTP requests to HTTPS.
If I didn't have the redirector, my app would repond a 404 on HTTPS. That's the caveat.
@migueleliasweb, I don't get what you are trying to do exactly here ^^
If you want to have some apps on
and use labels to wire your frontends to the desired entrypoint. But you will not get http->https redirection in that case.
Hey @emilevauge ! Thanks for being so active !
When you said:
That's exactly my case. My Traefik serves 3 types of web applications:
It's all because of the last scenario...
If I wire the last app type to both HTTP and HTTPS, I get some problems due to some legacy users being able to access the app through non secure connections and possibly exposing sensitive data.
On the other hand ff I wire the last app only to HTTPS I get a 404 on HTTP requests (as i mentioned earlier...and that's a huge problem to the company because we need those users).
That's why I had to invent a way to cover this use case by creating a nginx container that redirect all incoming requests from HTTP to HTTPS. Example:
Well I think that's it. =]
EDIT: If there was a way to each frontend have a HTTP and HTTPS independent configurable entrypoint I would use it, but since I didn't found one I had to come up with something =P
As the OP, I would like to be a little more specific about my use case. Maybe we need to move some concerns to another issue.
We understand the importance of the subject.
Remember the gentle way to participate: