traefik - HTTP to HTTPS WWW Redirect

Question

I could not find a question similar to this, there were others mentioning https redirects, but not about minimizing the redirects.

Been looking for a solution, and could not sort it out yet.

We use Docker > Traefik for WordPress and have www as the preferred version for WordPress. There are multiple WP instances. Domains are added dynamically.

However, with this config, I am receiving two redirects, from http to https to https www

http://example.com/
https://example.com/
https://www.example.com/

Is there any way to minimize the redirect?

ideally a 301 redirect from

http://example.com directly to https://www.example.com 

Traefik config file as follows

defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true


[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.example.com"
watch = true
exposedbydefault = false

Answer 1

Try replacing your [entryPoints.http.redirect] entry with this:

[entryPoints.http.redirect]
#entryPoint = "https"
regex = "^http:\/\/(www\.)*(example\.com)(.*)"
replacement = "https://www.$2$3"
permanent = true

Regex101

It will not handle the https://example.com/ entry so you need to add:

[entryPoints.https.redirect]
regex = "^https:\/\/(example\.com)(.*)"
replacement = "https://www.$1/$2"
permanent = true

If you have multiple frontedns, the regex can get hard to handle, so instead you can consider having a label on the container, like this:

traefik.frontend.headers.SSLRedirect=true
traefik.frontend.headers.SSLHost=www.example.com

As of 1.7 there is new option SSLForceHost that would force even existing SSL connection to be redirected.

traefik.frontend.headers.SSLForceHost=true

Answer 2

This is how I got it to work with docker provider behind AWS ELB.

traefik container

/usr/bin/docker run --rm \
  --name traefik \
  -p 5080:80 \
  -p 5443:443 \
  -v /etc/traefik/traefik.toml:/etc/traefik/traefik.toml \
  -v /var/run/docker.sock:/var/run/docker.sock \
  traefik

traefik.toml

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
    address = ":80"

  [entryPoints.https]
    address = ":443"

docker labels

  -l traefik.enable=true \
  -l traefik.http.middlewares.redirect.redirectregex.regex="^http://(.*)" \
  -l traefik.http.middlewares.redirect.redirectregex.replacement="https://\$1" \
  -l traefik.http.routers.web-redirect.rule="Host(\`domain.com\`)" \
  -l traefik.http.routers.web-redirect.entrypoints="http" \
  -l traefik.http.routers.web-redirect.middlewares="redirect" \
  -l traefik.http.routers.web-secure.rule="Host(\`domain.com\`)" \
  -l traefik.http.routers.web-secure.entrypoints="https" \

ELB listeners

Answer 3

Here's what I had to do. The above answer was helpful, but traefik wouldn't start because you actually need a double \ to escape in the .toml.

Also you still need to make sure you have the normal entry points and ports there. Here's my complete entryPoints section:

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"
  [entryPoints.http.redirect]
    regex = "^http:\\/\\/(www.)*(example\\.com)(.*)"
    replacement = "https://www.$2/$3"
    permanent = true
  [entryPoints.https.redirect]
    regex = "^https:\\/\\/(example.com)(.*)"
    replacement = "https://www.$1/$2"
    permanent = true
[entryPoints.https.tls]