无法在 AWS 负载均衡器后面从 http 重定向到 https [英] Unable to redirect from http to https behind AWS load balancer

问题描述

我在带有牧场主后端的 AWS 实例上运行 traefik.我在 AWS 负载均衡器上终止 SSL，并在端口 80 上与实例通信，该实例将 :80 流量转发到 traefik 容器.

I'm running traefik on an AWS instance with a rancher back-end. I am terminating SSL at the AWS load balancer, and am communicating on port 80 with the instance, which forwards the :80 traffic to the traefik container.

所以负载均衡器目前有:https:443 ==> http:80http:80 ==> http:80

So the Load balancer currently has: https:443 ==> http:80 http:80 ==> http:80

这意味着，如果您输入 https://example.com，您将获得 SSL，如果您输入 <一个 href="http://example.com" rel="nofollow noreferrer">http://example.com，你只是得到一个普通的 http 连接.

That means, if you type https://example.com, you get SSL, and if you type http://example.com, you just get an ordinary http connection.

希望通过 http 302 自动重定向 - 它会重定向 http://example.comhttps://example.com.

The desire is to have an auto redirect via http 302 -- it would redirect http://example.com to https://example.com.

到目前为止，我尝试失败的是:

So far what I've unsuccessfully tried is the following:

** AWS 负载均衡器**

** AWS Load balancer**

https:443 => http:80
http:80 => http:81

https:443 => http:80
http:80 => http:81

traefik.toml
------------
[entryPoints]
  [entryPoints.http]
  address = ":81"
     [entryPoints.http.redirect]
     regex = "^http://example.com/(.*)"
     replacement = "https://example.com/$1"
  address = ":80"

docker-compose.yml
------------------
API-Proxy:
  container_name: api-proxy
  image: traefik
  volumes:
  - "/var/run/docker.sock:/var/run/docker.sock"
  - "$PWD/traefik.toml:/etc/traefik/traefik.toml"
  command: "--web --rancher --docker.domain=rancher.localhost --logLevel=DEBUG"
  cpu_shares: 128
  restart: always
  ports:
  - 80:80/tcp
  - 81:81/tcp
  - 8100:8080/tcp

当我尝试通过端口 80 访问时，出现超时.Traefik 日志似乎没有帮助.

When I try accessing via port 80, there's a timeout. Traefik logs don't seem to be helpful.

这是一种愚蠢的方法吗?还是使用 Let's encrypt 在 traefic 容器处终止 SSL 更好?

Is this a silly approach? Or is it better to terminate SSL at the traefic container using Let's encrypt?

推荐答案

在您的 Traefik 配置中尝试类似的操作.然后将 LB 上的 443 和 80 端口都转发到 Traefik 上的 80 端口.

Try something like this in your Traefik config. Then forward both ports 443 and 80 on the LB to port 80 on Traefik.

[entryPoints]
  [entryPoints.http]
     address = ":80"
     [entryPoints.http.redirect]
     regex = "^http://(.*)"
     replacement = "https://$1"

这篇关于无法在 AWS 负载均衡器后面从 http 重定向到 https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！