[Bug]: HTTP to HTTPS permanent redirect not working

[ktufekcic]

Error Message and Logs

#1604
#1880

These were supposed to be fixed but I'm still running into it on 4.0.0-beta.391, and in my opinion this should be a very common usecase, since production instances will always want 301 redirects for http-https and www-nonwww.

Traefik container labels:
traefik.enable=true
traefik.http.middlewares.1--to-non-www.redirectregex.permanent=true
traefik.http.middlewares.1--to-non-www.redirectregex.regex=^(http|https)://www.(.+)
traefik.http.middlewares.1--to-non-www.redirectregex.replacement=${1}://${2}
traefik.http.middlewares.gzip.compress=true
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
traefik.http.routers.http-0-.entryPoints=http
traefik.http.routers.http-0-.middlewares=redirect-to-https
traefik.http.routers.http-0-.rule=Host(mysite.com) && PathPrefix(/)
traefik.http.routers.http-0-.service=http-0-
traefik.http.routers.http-1-.entryPoints=http
traefik.http.routers.http-1-.middlewares=redirect-to-https
traefik.http.routers.http-1-.rule=Host(www.mysite.com) && PathPrefix(/)
traefik.http.routers.http-1-.service=http-1-
traefik.http.routers.https-0-.entryPoints=https
traefik.http.routers.https-0-.middlewares=gzip
traefik.http.routers.https-0-.rule=Host(mysite.com) && PathPrefix(/)
traefik.http.routers.https-0-.service=https-0-
traefik.http.routers.https-0-.tls.certresolver=letsencrypt
traefik.http.routers.https-0-.tls=true
traefik.http.routers.https-1-.entryPoints=https
traefik.http.routers.https-1-.middlewares=gzip,1--to-non-www
traefik.http.routers.https-1-.rule=Host(www.mysite.com) && PathPrefix(/)
traefik.http.routers.https-1-.service=https-1-
traefik.http.routers.https-1-.tls.certresolver=letsencrypt
traefik.http.routers.https-1-.tls=true
traefik.http.services.http-0-.loadbalancer.server.port=3000
traefik.http.services.http-1-.loadbalancer.server.port=3000
traefik.http.services.https-0-.loadbalancer.server.port=3000
traefik.http.services.https-1-.loadbalancer.server.port=3000

www to non-www permanent redirect works fine, it's always 301, however, if I add:
traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
http URL will display generic 404 page, and if I remove it, the redirect will be 302

I tried all possible combinations of configs, enabling/disabling forced HTTPS, adding http://... to domains list in general, best I can get is 302 redirect or just straight up http version of the site. According to Traefik's docs, adding that line should enable 301 redirects, am I maybe missing some other config?

Steps to Reproduce

Example Repository URL

No response

Coolify Version

4.0.0-beta.391

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Ubuntu 22.04

Additional Information

No response

[djsisson]

@ktufekcic the issue is, this middleware is not local to the file but global within traefik, so you can't redefine the same middleware but use different values, as it will be defined as false elsewhere

you just need to use a different name, or if you want it for all http entrypoints you just define it on the entrypoint itself

--entryPoints.http.http.redirections.entryPoint.to=https
--entryPoints.http.http.redirections.entryPoint.scheme=https
--entryPoints.http.http.redirections.entrypoint.permanent=true

however due to the way coolify handles middleware, this is very hard to achieve using automatic labelling, as coolify would still define the seperate http and https entrypoint labels + middleware on every container

so i think the best solutions is to add the above labels to the static config, and then just use https only in your domains, the incoming http requests should get 301 to https before being resolved to a container.

[ktufekcic]

I see.

So in case of multiple servers for example, you'd need to set this at server level for each server, instead of for each app?
To clarify further, I have 3 servers, 2 are serving databases, prod and staging, and 1 is serving sites, prod and staging, and everything is held together by Coolify, so setting this as global on the server with the sites isn't a big deal, but I'm not sure I get how to go about it honestly. The 3 labels you mentioned are CLI flags, which are used by main traefik compose file, the coolify.yaml is a yaml config file, and the container labels (per app configs) are, well, docker labels

[djsisson]

you would add it to any traefik config as cli flags which is used for ingress ( if you use cloudflare you can just set it on your domain)

also just to clarify, any middleware defined on one set of container labels in docker, is not local to that file, but added to the traefik dynamic config, and can be referenced anywhere else, so the issue is, the redefining a known middleware to have different values. This causes that particular container to error so isn't defined and you get a 404

i do think middleware should be handled differently within coolify, instead of defining the same middleware in every container, it should be defined once in a dynamic file, and then every project/container you just pick from the list of known middleware that you want to apply.

i.e www to non-www /// http to https /// gzip-full /// gzip-not text/stream /// basic auth etc

[ktufekcic]

Yep, that worked, thank you so much! I really needed that clarification