I would like to create a traefik v2 config file which redirects http://localhost:80 traffic to http://otherhost.example.com:8080.
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.dashboard]
address = ":80"
[entryPoints.dashboard.redirect???]
scheme = "http"
port = "8080"
No dockers whatsoever.
Thanks,
Lorand.
That worked:
defaultEntryPoints = ["http"]
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[providers]
[providers.file]
filename = "dynamic_conf.toml"
watch = true
And dynamic_conf.toml:
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
# By default, routers listen to every entry points
rule = "Host(`localhost`)"
service = "my-service"
[http.services]
[http.services.my-service.loadBalancer]
passHostHeader = false
[[http.services.my-service.loadBalancer.servers]]
url = "http://example.com"
It had to be called with full url, like: http://localhost/index.html
I want the traefik dashboard to only connect via https but at the same time provide authentication. I also want traefik to automatically redirect to https if I access the http address.
I've tried configuring myself by adding traefik dashboard http redirection to https and adding htpasswd authentication. But sadly it doesn't work.
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https", "traefik", "traefik-https"]
[entryPoints]
[entryPoints.traefik]
address = ":8080"
compress = true
[entryPoints.traefik.redirect]
entryPoint = "traefik-https"
[entryPoints.traefik-https.tls]
[entryPoints.traefik-https.auth]
[entryPoints.traefik-https.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.traefik-https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.traefik-https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[api]
entryPoint = "traefik"
dashboard = true
debug = true
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: example.com,www.example.com"
[frontends.frontend2]
backend = "backend2"
[frontends.frontend2.routes.test_1]
rule = "Host: duplicati.example.com,www.duplicati.example.com"
[frontends.frontend3]
entryPoints = ["traefik"]
backend = "backend3"
[frontends.frontend3.routes.test_1]
rule = "Host: traefik.example.com"
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:56000"
weight = 1
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:57000"
weight = 1
[backends.backend3]
[backends.backend3.servers.server1]
url = "http://127.0.0.1:8080"
weight = 1
I expected it to redirect to https automatically when I access http://example.com:8080. Like this http://example.com:8080 --> https://example.com:8080. But when I access https://example.com:8080 it gave me an error Client sent an HTTP request to an HTTPS server.
What am I doing wrong?
I successfully fixed the problem. I don't know how I did it but I started from zero, refered to the Traefik docs, test my code, try, try, and try again until my code works!
Here is the code just in case someone needs it as a future reference
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https", "traefik", "traefik-https"]
[entryPoints]
[entryPoints.foo]
address=":58080"
compress = true
[entryPoints.foo.redirect]
entrypoint="traefik-https"
[entryPoints.traefik-https]
address = ":58443"
compress = true
[entryPoints.traefik-https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.traefik-https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.traefik-https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[entryPoints.traefik-https.auth]
[entryPoints.traefik-https.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[api]
entryPoint = "traefik-https"
dashboard = true
debug = true
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: example.com,www.example.com"
[frontends.frontend2]
backend = "backend2"
[frontends.frontend2.routes.test_1]
rule = "Host: duplicati.example.com,www.duplicati.example.com"
# [frontends.frontend3]
# entryPoints = ["traefik"]
# backend = "backend3"
# [frontends.frontend3.routes.test_1]
# rule = "Host: traefik.example.com"
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:56000"
weight = 1
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:57000"
weight = 1
# [backends.backend3]
# [backends.backend3.servers.server1]
# url = "http://127.0.0.1:8080"
# weight = 1
Traefik docs that I've refered to:
https://docs.traefik.io/configuration/backends/web/
https://docs.traefik.io/configuration/entrypoints/
My domain name jstock.co DNS, and SSL certificate are handled by Cloudflare.
I have the following traefik.toml
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:xxx"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/app/cert.pem"
KeyFile = "/app/key.pem"
With the above setup, traefik able to re-route the following traffic to correct docker containers
https://notification.jstock.co/info/
https://iex.jstock.co/info/
https://intrinio.jstock.co/info/
...
Now, we have purchased another domain name wenote.me. Its DNS, and SSL certificate also handled by Cloudflare.
I was wondering, is it possible, to reuse existing Traefik, to handle traffic from wenote.me? If so, what should be traefik.toml looks like?
This is how it is being done.
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:xxx"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/app/cert.pem"
KeyFile = "/app/key.pem"
[[entryPoints.https.tls.certificates]]
CertFile = "/app/wenote.me.cert.pem"
KeyFile = "/app/wenote.me.key.pem"
I'd like to be able to use Traefik to forward traffic for a domain with subfolders to a docker container on a diff hosts. Also, I'd like to be able to use multiple separate domains.
I'm unable to find instructions or a guide to do that exactly. Can anyone give me pointers please?
This is what I have so far.
### traefik.toml
defaultEntryPoints = ["https","http"]
[api]
entryPoint = "traefik"
dashboard = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
]
[entryPoints.traefik]
address = ":8080"
[entryPoints.traefik.auth.basic]
users = ["admin:{SHA}123="]
[acme]
email = "123#123.com"
storage = "/etc/traefik/acme/acme.json"
onHostRule = false
acmeLogging = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 0
[[acme.domains]]
main = "*.123.it"
[[acme.domains]]
main = "*.123.co.uk"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "{{ DOMAIN }}"
watch = true
exposedbydefault = false
[file]
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://192.168.0.1:8585/"
[backends.backend2]
[backends.backend2.servers.server2]
url = "http://192.168.0.1:8383/"
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.graf]
rule = "Host:123.it"
[frontends.frontend2]
backend = "backend2"
[frontends.frontend2.routes.graf]
rule = "Host:123.co.uk; PathPrefix: /app"
According to https://github.com/containous/traefik/pull/2133, it should be possible to redirect selectively per frontend. Is this available in the File backend?
I tried adding the following, but it didn't work:
[frontends.foo.headers]
SSLRedirect = true
The option SSLRedirect = true always redirect on 443.
If you want to redirect to an entry point without using 443 port use entryPoint = "https"
https://docs.traefik.io/user-guide/examples/#http-redirect-on-https
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "examples/traefik.crt"
keyFile = "examples/traefik.key"
https://docs.traefik.io/configuration/backends/file/
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
# ...
[entryPoints.https]
address = ":443"
# ...
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.redirect]
entryPoint = "https"
# ...