The current documentation does not point how to redirect the HTTP requests to the HTTPS one.
For those wondering how to redirect the HTTP entrypoint to the HTTPS one, the clue is provided within the config/traefik/dynamic/traefik_dynamic.yaml or .custom/traefik_custom/dynamic/traefik_dynamic.yaml files:
## This is mounted in /etc/traefik_dynamic dir
http:
middlewares:
## Middleware for redirect to https
## compose label: - "traefik.http.routers.<ROUTER_NAME>.middlewares=https-redirect@file"
https-redirect:
redirectScheme:
scheme: https
# permanent: true
My steps were:
To redirect http to https, uncomment the traefik entrypoints labels in .custom folder docmpose overrides files.
Edit docker-compose-apps.override.yaml and search for # Enable http+https endpoints comment, uncomment specific label, and add the middlewares label.
For example, to enable ssl mode and redirect http to https for RhodeCode:
service:
rhodecode:
labels:
# Enable http+https endpoints to serve SSL, select just 1 to disable the other
- "traefik.http.routers.rhodecode.entrypoints=http,https"
# Redirect http to https
- "traefik.http.routers.rhodecode.middlewares=https-redirect@file"
I did not add this middlewares label for the other entrypoints.
I personally didn’t have to add this custom config to redirect from HTTP to HTTPS. Can you please explain a little more how it behaved with only the “https” entry point enabled?
Some browsers may look up by themselves for a https scheme when typing http, or remember a https url when typing http, like Firefox. A client side redirection can be active without any support from the server. At least for me.
If you use another tool that doesn’t do the client-side redirection, like curl, you should get an error (404 from traefik) when accessing though the http scheme.
Can you confirm this? If you still have a redirection, I may have a misconfiguration.
You’re right, I have an error with a curl call. Then it’s probably my browser which does all the magic.
Are your config mods based on what’s recommended in the Traefik documentation? Because I see several ways of doing it. I’m a Traefik newbie so I can’t tell.
Artem @dolobanko, a documentation update would indeed be a great thing.
I’ve consulted the traefik documentation, but found out that RhodeCode internals already set the https-redirect middleware within .custom/traefik_custom/dynamic/traefik_dynamic.yaml.
This file (or the master one at config/traefik/dynamic/traefik_dynamic.yaml) gives you the proper syntax in a comment.
For the wanted services, you should have the following labels:
@justinmassiot@aji Yeah, sorry for delay! We’ve been dealing with 5.1 and few minor releases past few weeks. @andverb_rhodecode is going to update it soon (it’s in the documentation backlog)! Thanks again for pointing us!