无法在 AWS 负载均衡器后面从 http 重定向到 https [英] Unable to redirect from http to https behind AWS load balancer
问题描述
我在带有牧场主后端的 AWS 实例上运行 traefik.我在 AWS 负载均衡器上终止 SSL,并在端口 80 上与实例通信,该实例将 :80 流量转发到 traefik 容器.
I'm running traefik on an AWS instance with a rancher back-end. I am terminating SSL at the AWS load balancer, and am communicating on port 80 with the instance, which forwards the :80 traffic to the traefik container.
所以负载均衡器目前有:https:443 ==> http:80http:80 ==> http:80
So the Load balancer currently has: https:443 ==> http:80 http:80 ==> http:80
这意味着,如果您输入 https://example.com,您将获得 SSL,如果您输入 <一个 href="http://example.com" rel="nofollow noreferrer">http://example.com,你只是得到一个普通的 http 连接.
That means, if you type https://example.com, you get SSL, and if you type http://example.com, you just get an ordinary http connection.
希望通过 http 302 自动重定向 - 它会重定向 http://example.comhttps://example.com.
The desire is to have an auto redirect via http 302 -- it would redirect http://example.com to https://example.com.
到目前为止,我尝试失败的是:
So far what I've unsuccessfully tried is the following:
** AWS 负载均衡器**
** AWS Load balancer**
https:443 => http:80
http:80 => http:81
https:443 => http:80
http:80 => http:81
traefik.toml
------------
[entryPoints]
[entryPoints.http]
address = ":81"
[entryPoints.http.redirect]
regex = "^http://example.com/(.*)"
replacement = "https://example.com/$1"
address = ":80"
docker-compose.yml
------------------
API-Proxy:
container_name: api-proxy
image: traefik
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "$PWD/traefik.toml:/etc/traefik/traefik.toml"
command: "--web --rancher --docker.domain=rancher.localhost --logLevel=DEBUG"
cpu_shares: 128
restart: always
ports:
- 80:80/tcp
- 81:81/tcp
- 8100:8080/tcp
当我尝试通过端口 80 访问时,出现超时.Traefik 日志似乎没有帮助.
When I try accessing via port 80, there's a timeout. Traefik logs don't seem to be helpful.
这是一种愚蠢的方法吗?还是使用 Let's encrypt 在 traefic 容器处终止 SSL 更好?
Is this a silly approach? Or is it better to terminate SSL at the traefic container using Let's encrypt?
推荐答案
在您的 Traefik 配置中尝试类似的操作.然后将 LB 上的 443 和 80 端口都转发到 Traefik 上的 80 端口.
Try something like this in your Traefik config. Then forward both ports 443 and 80 on the LB to port 80 on Traefik.
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
regex = "^http://(.*)"
replacement = "https://$1"
这篇关于无法在 AWS 负载均衡器后面从 http 重定向到 https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!