Question
I'm running traefik on an AWS instance with a rancher back-end. I am terminating SSL at the AWS load balancer, and am communicating on port 80 with the instance, which forwards the :80 traffic to the traefik container.
So the Load balancer currently has:

    https:443 ==> http:80
    http:80 ==> http:80
That means, if you type https://example.com, you get SSL, and if you type http://example.com, you just get an ordinary http connection.
The desire is to have an auto redirect via http 302 -- it would redirect http://example.com to https://example.com.
So far what I've unsuccessfully tried is the following:
**AWS Load balancer**

    https:443 => http:80
    http:80 => http:81

traefik.toml
------------

    [entryPoints]
      [entryPoints.http]
      address = ":81"
        [entryPoints.http.redirect]
        regex = "^http://example.com/(.*)"
        replacement = "https://example.com/$1"
        address = ":80"

docker-compose.yml
------------------

    API-Proxy:
      container_name: api-proxy
      image: traefik
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock"
        - "$PWD/traefik.toml:/etc/traefik/traefik.toml"
      command: "--web --rancher --docker.domain=rancher.localhost --logLevel=DEBUG"
      cpu_shares: 128
      restart: always
      ports:
        - 80:80/tcp
        - 81:81/tcp
        - 8100:8080/tcp

When I try accessing via port 80, there's a timeout. Traefik logs don't seem to be helpful.
Is this a silly approach? Or is it better to terminate SSL at the Traefik container using Let's Encrypt?

Answer 1:
Try something like this in your Traefik config. Then forward both ports 443 and 80 on the LB to port 80 on Traefik.

    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        regex = "^http://(.*)"
        replacement = "https://$1"

Answer 2:
I do this in Kubernetes on AWS currently. It's a little fiddly to get just right, but it is totally possible.
First you need to make sure that your ELB is listening for HTTP (not HTTPS) on port 80 and for HTTPS on port 443. If you have the ELB listening for HTTPS on port 80, you'll get very strange behavior by clients. Check that first. Note: this is the default behavior if you have deployed Traefik using Helm.
Use `aws elb describe-load-balancers` to print out all of your ELBs. You'll have to find the ELB in there (I don't know how to tell you which one it is) and look in the `LoadBalancerDescriptions[].ListenerDescriptions[].Listener.Protocol` and `InstanceProtocol` to make sure that they are `HTTPS` and `HTTP`, respectively.
Second, this is all you need in your `config.toml`:

    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        regex = "^http://(.*)"
        replacement = "https://$1"
      [entryPoints.httpn]
      address = ":8880"
      compress = true

Explanation:
- Listen on port 80
- Set up a permanent redirect for any traffic on port 80 to port 8880
- Listen on port 8880 with HTTP and enable gzip compression
The ELB should have port 80 mapped to port 80 and port 443 mapped to port 8880. Now all HTTP traffic will be automatically redirected (use `curl -v -L http://example.com` to test) to HTTPS and terminated at the ELB and forwarded as HTTP to Traefik.
I am still looking for a good way to specify the protocols for the ELB listeners on deploy but I haven't come up with a good solution other than manually changing them via the AWS console after I deploy Traefik.
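
The listener check described in the second answer, as an added example that is not part of the original answers: a Python script that audits JSON shaped like the output of `aws elb describe-load-balancers` against the port 80 to 80 and port 443 to 8880 layout. The sample data and load balancer names are constructed, and `audit_listeners` and `make_listener` are hypothetical helper names.

```python
# Added example: audit Classic ELB listeners against the layout in Answer 2.
import json

# LB port -> (Protocol, InstanceProtocol, InstancePort), as the answer describes.
EXPECTED = {
    80: ("HTTP", "HTTP", 80),      # plain HTTP reaches the redirecting entry point
    443: ("HTTPS", "HTTP", 8880),  # TLS ends at the ELB, then HTTP to Traefik
}

def audit_listeners(description, expected=EXPECTED):
    """Map each ELB name to a list of listener problems (empty list = OK)."""
    report = {}
    for lb in description.get("LoadBalancerDescriptions", []):
        seen = {}
        for entry in lb.get("ListenerDescriptions", []):
            lis = entry["Listener"]
            seen[lis["LoadBalancerPort"]] = (
                lis["Protocol"].upper(),
                lis.get("InstanceProtocol", "").upper(),
                lis["InstancePort"],
            )
        problems = []
        for port, want in sorted(expected.items()):
            got = seen.get(port)
            if got is None:
                problems.append(f"port {port}: no listener")
            elif got != want:
                problems.append(f"port {port}: {got} != {want}")
        report[lb["LoadBalancerName"]] = problems
    return report

def make_listener(proto, lb_port, inst_proto, inst_port):
    """Build one ListenerDescriptions entry for the constructed sample."""
    return {"Listener": {"Protocol": proto, "LoadBalancerPort": lb_port,
                         "InstanceProtocol": inst_proto, "InstancePort": inst_port}}

# Constructed sample in the shape of `aws elb describe-load-balancers` output.
SAMPLE = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "good-elb", "ListenerDescriptions": [
        make_listener("HTTP", 80, "HTTP", 80),
        make_listener("HTTPS", 443, "HTTP", 8880)]},
    {"LoadBalancerName": "bad-elb", "ListenerDescriptions": [
        make_listener("HTTPS", 80, "HTTP", 80),      # HTTPS on 80: the case to avoid
        make_listener("HTTPS", 443, "HTTP", 80)]},   # 443 sent to the redirecting port
]}

if __name__ == "__main__":
    print(json.dumps(audit_listeners(SAMPLE), indent=2))
```

To audit a real account, pass the parsed JSON from the CLI to `audit_listeners` in place of `SAMPLE`.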
Source: https://stackoverflow.com/questions/48065843/unable-to-redirect-from-http-to-https-behind-aws-load-balancer