Traefik v2：404，同时将HTTP流量全局路由到HTTPS [英] Traefik v2: 404 while routing HTTP traffic globally to HTTPS

问题描述

我有一个问题，我可以路由HTTPS流量，但是无法将HTTP流量全局重定向到HTTPS。在我的情况下，我只需要HTTPS流量，因此我想重定向所有传入的流量。

I have the problem that I can route HTTPS traffic but I can not globally redirect the HTTP traffic to HTTPS. In my case I only want HTTPS traffic, so that I want to redirect all the incoming traffic.

当前，当我尝试通过HTTP服务URL时，出现了404错误。 。
我已经在Treafik中启用了DEBUG日志，但是在日志中看不到任何问题或不正常的东西。

Currently I get an 404 error while I try to serve my URLs over HTTP. I already enabled DEBUG logs in Treafik, but I can not see any problems or unnormal stuff in the logs.

此外，我在Stackoverflow上看到了一个非常相似的主题，但是我们发现，他的错误与我的错误有所不同：如何使用Traefik 2.0和Docker Compose标签将HTTP重定向到https ？

Additionally I saw a pretty similar topic here on Stackoverflow, but we found out, that his error was not the same to mine: How to redirect http to https with Traefik 2.0 and Docker Compose labels?

以下设置基于此处的博客条目： https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d

The following setup is based on the blog entry here: https://blog.containo.us/traefik-2-0-docker-101-fc2893944b9d

我的设置

我在集群中配置了Traefik，如下所示：

I configured Traefik in my swarm like this:

global:
  checkNewVersion: false
  sendAnonymousUsage: false
api:
  dashboard: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
providers:
  providersThrottleDuration: 2s
docker:
  watch: true
  endpoint: unix:///var/run/docker.sock
  swarmMode: true
  swarmModeRefreshSeconds: 15s
  exposedByDefault: false
  network: webgateway
log:
  level: DEBUG
accessLog: {}
certificatesResolvers:
  default:
    acme:
    email: {email}
    storage: /etc/traefik/acme/acme.json
    httpChallenge:
      entryPoint: web

并开始具有以下docker-compose文件的Traefik

And started Traefik with the following docker-compose file

version: '3'

services:
proxy:
    image: traefik:latest
    ports:
    - "80:80"
    - "443:443"
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /data/docker_data/traefik/traefik-2.yml:/etc/traefik/traefik.yml
    - /data/docker_data/traefik/acme-2.json:/etc/traefik/acme/acme.json
    labels:
    # redirect
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
    - "traefik.http.routers.redirs.entrypoints=web"
    - "traefik.http.routers.redirs.middlewares=redirect-to-https"

我的服务配置有以下标签：

My services are configured with the following labels:

traefik.http.routers.myapp.rule=Host(`myapp.ch`)
traefik.http.routers.myapp.service=myapp
traefik.http.routers.myapp.entrypoints=websecure
# I don't think that the following one is required here...
# traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
traefik.http.routers.myapp.tls.certresolver=default
traefik.http.services.myapp.loadbalancer.server.port=3000
traefik.http.routers.myapp.tls=true
traefik.enable=true

知道为什么这行不通吗？

Any ideas why this is not working?

推荐答案

您不需要配置Traefik服务本身。在Traefik上，您仅需要具有：443（websecure）和：80（web）的入口点

You don't need to configure the Traefik service itself. On Traefik you only need to have entrypoints to :443 (websecure) and :80 (web)

因为Traefik仅充当入口点，并且不会执行重定向，中间件

Because Traefik only acts as entryPoint and will not do the redirect, the middleware on the target service will do that.

现在将目标服务配置为以下内容：

Now configure your target service as the following:

version: '2'
services:
  mywebserver:
    image: 'httpd:alpine'
    container_name: mywebserver
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.mywebserver-redirect-websecure.redirectscheme.scheme=https
      - traefik.http.routers.mywebserver-web.middlewares=mywebserver-redirect-websecure
      - traefik.http.routers.mywebserver-web.rule=Host(`sub.domain.com`)
      - traefik.http.routers.mywebserver-web.entrypoints=web
      - traefik.http.routers.mywebserver-websecure.rule=Host(`sub.domain.com`)
      - traefik.http.routers.mywebserver-websecure.tls.certresolver=mytlschallenge
      - traefik.http.routers.mywebserver-websecure.tls=true
      - traefik.http.routers.mywebserver-websecure.entrypoints=websecure
      # if you have multiple ports exposed on the service, specify port in the websecure service
      - traefik.http.services.mywebserver-websecure.loadbalancer.server.port=9000

所以基本上流程是这样的：

So basically the flow goes like this:

请求： http://sub.domain.com:80 -> traefik（服务）-> mywebserver-web（路由器，http规则）-> mywebserver-redirect-websecure（中间件，重定向至https） -> mywebserver-websecure（路由器，https规则）-> mywebserver（服务）

Request: http://sub.domain.com:80 --> traefik (service) --> mywebserver-web (router, http rule) --> mywebserver-redirect-websecure (middleware, redirect to https) --> mywebserver-websecure (router, https rule) --> mywebserver (service)

这篇关于Traefik v2：404，同时将HTTP流量全局路由到HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！