 

traefik - multiple port bindings for the same host V2

I cannot figure out how to get a simple service to be accessible by both http and https on localhost. This is my setup so far and I'm using traefik V2.xxx.

I want to be able to hit this site using both https/http protocols (for reasons on dev machines only). The https works just fine but http does NOT. What labels do I need to add/remove/change?

http://whoami.localhost:8000/
https://whoami.localhost:8443/

docker-compose.yml

version: "3.7"

services:

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami.entrypoints=web,web-secure
      - traefik.http.routers.whoami.tls=true
      - traefik.protocol=http,https

  reverse-proxy:
    depends_on:
      - whoami
    image: traefik:v2.1.1
    ports:
      - 8000:80
      - 8443:443
      - 8001:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik:ro

traefik/traefik.toml

[log]
  level = "DEBUG"

[accessLog]
  filePath = "/logs/access.log"
  bufferingSize = 20

[docker]
  exposedbydefault = false

[api]
  dashboard = true
  insecure = true

[providers]
  [providers.file]
    filename = "/etc/traefik/traefik.toml"
    watch = true

  [providers.docker]
    exposedbydefault = false

[[tls.certificates]]
  certFile = "/etc/traefik/certs/localhost-cert.pem"
  keyFile = "/etc/traefik/certs/localhost-key.pem"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

C:\Windows\System32\drivers\etc\hosts

127.0.0.1 whoami.localhost
TugboatCaptain asked Jan 20 '20 20:01


2 Answers

Finally got this working. The traefik docs are squarely in the esoteric region on certain topics, and given the recent major 2.0 release there aren't a lot of examples out there yet.

Here is my working docker-compose.yml file where the application is now being exposed using the same host "whoami.localhost" and on both port 8000 (http) and 8443 (https).

version: "3.7"

services:

    whoami:
        image: containous/whoami
        labels:
            - traefik.enable=true
            - traefik.http.routers.whoami-http.rule=Host(`whoami.localhost`)
            - traefik.http.routers.whoami-http.entrypoints=web
            - traefik.http.routers.whoami-http.service=whoami-http-service
            - traefik.http.services.whoami-http-service.loadbalancer.server.port=80

            - traefik.http.routers.whoami-https.rule=Host(`whoami.localhost`)
            - traefik.http.routers.whoami-https.entrypoints=web-secure
            - traefik.http.routers.whoami-https.service=whoami-https-service
            - traefik.http.services.whoami-https-service.loadbalancer.server.port=80
            - traefik.http.routers.whoami-https.tls=true

    reverse-proxy:
        depends_on:
            - whoami
        image: traefik:v2.1.1
        ports:
            - 8000:80
            - 8443:443
            - 8001:8080
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik:/etc/traefik:ro

Routers and services in traefik 2.x can be dynamically created using whatever naming convention you want using docker labels. In this setup I just called them whoami-http and whoami-https for the routers and whoami-http-service and whoami-https-service for the services. Since I am dynamically creating my own routers/services instead of using the defaults, the load-balancer for each service must be explicitly told the server port for the targeted application. Since the whoami app only exposes port 80 itself and TLS is terminated at traefik, this is defined as port 80 for both http and https services.

All of the labels shown above are required and cannot be omitted for this type of custom router/service setup.

[Image: traefik dashboard]

I'm using mkcert on Windows 10 for valid local certificates in case you were wondering.

mkcert -install

mkcert -key-file traefik\certs\localhost-key.pem -cert-file traefik\certs\localhost-cert.pem whoami.localhost localhost 127.0.0.1 ::1
TugboatCaptain answered Oct 09 '22 09:10


Actually, all you need are 3 labels, as long as you default to tls for the websecure entrypoint.

docker-compose.yml

version: "3.7"

services:

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.services.whoami.loadbalancer.server.port=80

  reverse-proxy:
    image: traefik:v2.1.1
    ports:
      - 8000:80
      - 8443:443
      - 8001:8080
    # entrypoints.<name>.http.tls is available from Traefik v2.2 onward
    command: --entrypoints.web-secure.http.tls=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik:ro
Chris Becke answered Oct 09 '22 10:10
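
The following is an added example, not code from either answer or from the Traefik project. It reads the router labels from the question and the first answer and reports which entrypoint/scheme pairs each router answers, which makes it easy to see where plain HTTP is (or is not) served. It assumes a simplified model of Traefik v2 routing: a router with `tls=true` is dedicated to HTTPS, any other router handles plain HTTP only, and the `tls_entrypoints` parameter (a hypothetical name) stands for entrypoint-level TLS as in the second answer.

```python
import re

# traefik.http.routers.<name>.<option>=<value>; only options that affect coverage.
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(rule|entrypoints|tls)=(.*)$")

def parse_routers(labels):
    """Group router labels by router name."""
    routers = {}
    for label in labels:
        match = ROUTER_LABEL.match(label.strip())
        if match:
            name, option, value = match.groups()
            routers.setdefault(name, {})[option] = value
    return routers

def coverage(labels, entrypoints, tls_entrypoints=()):
    """Map every (entrypoint, scheme) pair to the routers that answer it.
    Simplified model (an assumption): a router with tls=true answers HTTPS
    only, any other router answers plain HTTP only; tls_entrypoints lists
    entrypoints where TLS is switched on for all routers."""
    table = {(ep, scheme): [] for ep in entrypoints for scheme in ("http", "https")}
    for name, opts in sorted(parse_routers(labels).items()):
        # No entrypoints option: the router listens on every entrypoint.
        bound = [e.strip() for e in opts.get("entrypoints", ",".join(entrypoints)).split(",")]
        for ep in bound:
            if ep in entrypoints:
                tls = opts.get("tls", "").lower() == "true" or ep in tls_entrypoints
                table[(ep, "https" if tls else "http")].append(name)
    return table

def unserved(table):
    """Pairs that no router answers."""
    return sorted(pair for pair, routers in table.items() if not routers)

ENTRYPOINTS = ["web", "web-secure"]
# Router labels copied from the question: one router, TLS on, both entrypoints.
QUESTION = [
    "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)",
    "traefik.http.routers.whoami.entrypoints=web,web-secure",
    "traefik.http.routers.whoami.tls=true",
]
# Router labels copied from the first answer: one router per scheme.
ANSWER = [
    "traefik.http.routers.whoami-http.rule=Host(`whoami.localhost`)",
    "traefik.http.routers.whoami-http.entrypoints=web",
    "traefik.http.routers.whoami-https.rule=Host(`whoami.localhost`)",
    "traefik.http.routers.whoami-https.entrypoints=web-secure",
    "traefik.http.routers.whoami-https.tls=true",
]
```

Calling `unserved(coverage(QUESTION, ENTRYPOINTS))` shows that no router answers plain HTTP on `web`, which matches the symptom in the question; the same check is a quick way to confirm that plaintext routers exist only where they are intended, such as on a dev machine.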