Set Up Traefik Redirect from HTTP to HTTPS

Traefik is a popular reverse proxy and load balancer that simplifies the process of managing microservices. One common requirement is to redirect HTTP traffic to HTTPS to ensure secure communication. This article outlines the steps to set up this redirection using Traefik.

Benefits of Redirecting HTTP to HTTPS

Redirecting HTTP to HTTPS offers several key advantages. Here are some of the primary benefits:

Enhanced Security

• Encryption: HTTPS encrypts data exchanged between the user’s browser and the server. This protects sensitive information like login credentials and personal details.
• Data Integrity: HTTPS ensures the data transferred remains unaltered during transit.
• Authentication: HTTPS verifies that the website the user is connecting to is legitimate, reducing the risk of man-in-the-middle attacks.

Improved SEO

• Search Engine Ranking: Google and other search engines favor HTTPS websites. This can lead to better search engine rankings.
• Increased Visibility: HTTPS websites are more likely to appear in search results, driving more organic traffic.

User Trust

• Browser Indicators: Modern browsers show a padlock icon or a green bar for HTTPS sites, making users feel more secure.
• Positive Perception: Users are more likely to trust and engage with a site that uses HTTPS.

Performance

• HTTP/2 Support: HTTPS is required for HTTP/2, which offers better performance and faster load times.
• Better User Experience: Faster load times lead to a smoother user experience, potentially increasing conversion rates.

Compliance

• Regulatory Requirements: Some industries require HTTPS to comply with data protection regulations.
• Customer Assurance: Meeting these requirements assures customers that their data is handled securely.

Competitive Advantage

• Staying Ahead: As more sites adopt HTTPS, staying with HTTP can put you at a competitive disadvantage.
• Modern Standards: Adopting HTTPS ensures you meet modern web standards and practices.

Prerequisites

• Traefik installed and running in your Docker environment
• A domain name configured to point to your server

I have created 2 articles that will help you set everything up if you want to use Docker and Traefik, will have evertying from VPS to Traefik configs:

• How to Use Traefik as A Reverse Proxy in Docker
• Traefik FREE Let’s Encrypt Wildcard Certificate With CloudFlare Provider

Step-by-Step Guide to Traefik HTTP to HTTPS Redirects

1. Setting Up Traefik Entrypoints

Traefik uses entrypoints to define the ports it listens on. You need to configure entrypoints for both HTTP and HTTPS.

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

These entrypoints can be defined in the traefik.yml configuration file.

You can configure them as commands in the docker-compose file with:

command:
  - "--entrypoints.http.address=:80"
  - "--entrypoints.https.address=:443"

2. Configuring HTTP to HTTPS Redirection

There are 2 options when it comes to configure a Traefik redirect, you can configure it global so all the services to use it or you can configure it on each services via labels. The below will teach you how to do that.

2.1 Global HTTP to HTTPS redirect

As mentioned above the Global ones will redirect all services and you don’t need to warry and add the redirection on each service you have 2 options:

Using Commands in Docker Compose File

command:
  - --entrypoints.http.http.redirections.entrypoint.to=https
  - --entrypoints.http.http.redirections.entrypoint.scheme=https

1. --entrypoints.http.http.redirections.entrypoint.to=https

This option tells Traefik to redirect all HTTP traffic to the HTTPS entry point.This means any request that comes in over HTTP will automatically be redirected to the equivalent HTTPS URL

2. --entrypoints.http.http.redirections.entrypoint.scheme=https

Ensures that the URL scheme of the redirected request is HTTPS. This is important because, without specifying the scheme, the browser might not change the protocol from http to https during the redirection.

Using a traefik.yml File

Second option is to mount a traefik.yml file and add the bellow for redirect:

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: ":443"

2.2 Labels in Containers

Instead of using global redirects, you can add the following labels to each service that needs HTTPS redirection:

labels:
  - "traefik.http.routers.<service-name>.entrypoints=http"
  - "traefik.http.routers.<service-name>.rule=Host(`your-domain.com`)"
  - "traefik.http.routers.<service-name>.middlewares=https-redirect"
  - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
  - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"

Replace <service-name> with the name of your service and your-domain.com with your actual domain.

This configuration creates a middleware called https-redirect that performs the HTTPS redirection, and then applies this middleware to the HTTP router for each service.

Here’s a brief explanation of each label:

1. Specifies the entrypoint (http in this case)
2. Defines the rule for matching requests (based on the Host header)
3. Applies the https-redirect middleware to this router
4. Configures the redirect middleware to use HTTPS
5. Makes the redirect permanent (HTTP 301)

By using this approach, you can control which services have HTTPS redirection on a per-service basis, rather than applying it globally.

2.3 Verifying the Setup

• Access your domain via HTTP (e.g., http://mydomain.com). It should automatically redirect to HTTPS (e.g., https://mydomain.com).
• Check the Traefik dashboard to ensure that the routers and middlewares are correctly configured.

2.4. Troubleshooting

If you encounter issues:

1. Check Traefik logs for any error messages.
2. Verify that your domain is correctly pointing to your server’s IP.
3. Ensure that ports 80 and 443 are open on your server and properly forwarded if behind a NAT.
4. Double-check your Traefik configuration for any typos or misconfigurations.

Conclusion

Setting up HTTP to HTTPS redirection in Traefik enhances the security of your web services. By following this guide, you can ensure that all traffic to your services is securely redirected to HTTPS, protecting your users’ data.

Remember to keep your Traefik version updated and regularly review your security configurations to maintain a robust and secure infrastructure.