nginx `proxy_redirect` in traefik (redirect without changing url)

Question

basically how this will look like in traefik if it is possible:

location  /blog/ {
    proxy_pass https://blog.example.com/;
    proxy_redirect https://blog.example.com/ https://www.example.com/blog/;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host blog.example.com;
} 

I tried, this config in my docker-compose:

- 'traefik.frontend.redirect.regex=^https://example.com/blog/(.*)$$'
- 'traefik.frontend.redirect.replacement=https://blog.example.com/$$1'

this does work, but it just redirects, to https://blog.example.com, I want to keep original url https://example.com/blog/ and show content from https://blog.example.com.

is it possible to achieve with the traefik?

Answer 1

In Traefik, that redirect label is for interaction with client (sending your browser to another location)

I am still trying to figure out what is the exact replacement for proxy_redirect. As per Nginx docs, this directive:

Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response.

So in docker-compose.yaml those two header fields could be placed like this:

labels:
  - "traefik.frontend.headers.customResponseHeaders=Location:value1||Refresh:value1"

But I'm not sure how to replace them with regex. Maybe there is a more "traefikal" approach out there.

I know this isn't a real answer, but I can't post a comment due to my low points.

I found your question while looking for a solution for Jenkins behind Traefik SSL.

Answer 2

I ran into this issue while configuring Traefik as a reverse proxy for my Pi-Hole admin web interface that listens on /admin and redirects the user to /admin/ after succesful login.

I solved the first problem by making use of a replacepathregex middleware that would redirect any path starting with /pihole (my desired endpoint) with a request to /admin when forwarding.

The second problem was a lot more tricky and (seemingly) could not be solved through built-in middlewares as of Traefik 2.10.4 (the latest at the time of writing).

I found there is an ongoing GitHub issue that requests support for this behavior through a replaceResponseHeaders middleware, but is not actively being worked on. Instead, multiple alternatives have been developed that make use of Traefik plugins. The one that worked for me is also listed in the discussion at the GitHub issue and is named Rewrite Header (repository).

I hope you can use (parts of) my solution to apply to your problem.

Full solution

Dynamic configuration

experimental:
  plugins:
    rewriteHeaders:
      modulename: "github.com/XciD/traefik-plugin-rewrite-headers"
      version: "v0.0.3"

Static configuration

version: "3.7"

# Adapted from https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

services:
  pihole:
    image: pihole/pihole:latest
    labels:
      # Enable managing of this service through Traefik
      - traefik.enable=true

      # Attach the correct Docker network
      - traefik.docker.network=traefik

      # Configure router to have /pihole route to port 80 internally
      - traefik.http.routers.pihole.rule=PathPrefix(`/pihole`)
      - traefik.http.services.pihole.loadbalancer.server.port=80

      # Fix incorrect redirects to loop back to PathPrefix rule
      # Depends on: https://plugins.traefik.io/plugins/628c9eb5108ecc83915d7758/rewrite-header
      - traefik.http.middlewares.pihole-force-slash.plugin.rewriteHeaders.rewrites[0].header=Location
      - traefik.http.middlewares.pihole-force-slash.plugin.rewriteHeaders.rewrites[0].regex=^(.*)/admin(.*)
      - traefik.http.middlewares.pihole-force-slash.plugin.rewriteHeaders.rewrites[0].replacement=$$1/pihole$$2

      # Make sure traffic ends up at /admin internally
      - traefik.http.middlewares.pihole-redirect.replacepathregex.regex=^/pihole/(.*)
      - traefik.http.middlewares.pihole-redirect.replacepathregex.replacement=/admin/$$1

      # Allow framing for displaying API token
      - traefik.http.middlewares.pihole-allow-framing.headers.customFrameOptionsValue=SAMEORIGIN

      # Enable middlewares
      - traefik.http.routers.pihole.middlewares=pihole-redirect,pihole-allow-framing,pihole-force-slash