Redirecting requests to HTTPS from HTTP is a relatively straight forward process: create the middleware and then apply the middleware.
Where most get confused and begin going down the preverbal rabbit hole is when trying to combine both the http and https entryPoints into the same IngressRoute.
To handle this redirect scenario you need to create two separate IngressRoute objects for http and https respectively.
Create the Middleware
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: http-to-https
namespace: traefik
spec:
redirectScheme:
scheme: https
permanent: trueCreate the HTTP IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: http
namespace: test
spec:
entryPoints:
- http
routes:
- match: Host(`api.matthewdavis.io`) && PathPrefix(`/`)
kind: Rule
middlewares:
- name: default-http-to-https@kubernetescrd
services:
- name: whoami
port: 80Create the HTTPS IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: https
namespace: test
spec:
entryPoints:
- https
routes:
- kind: Rule
match: Host(`api.matthewdavis.io`)
services:
- name: whoami
port: 80
tls:
secretName: tls-traefik
options:
name: traefik-tls-options
namespace: defaultTo recap, the following MUST be true:
- When referencing the middleware name it must start with the namespace and end with
@kubernetesccrd(i.e.:default-http-to-https@kubernetescrd). - You must NOT have a
tlsdeclaration in your httpIngressRouteobjects.
Additional
In case you need another middleware that you can test with and customize things a bit more:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: headering
spec:
headers:
customRequestHeaders:
X-Script-Name: "itainteasy"
customResponseHeaders:
X-Custom-Response-Header: "tryharder"