Traefik IngressRoute redirect doesn’t work

Question

I have setup following IngressRoute for default path and wp-*

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: external-1
  namespace: marketing
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.com`) || Host(`www.example.com`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
      middlewares:
        - name: https-redirect
  tls:
    secretName: prod-cert

and

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: wp-admin-1
  namespace: marketing
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.com`) || Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
      middlewares:
        - name: secured-restricted
  tls:
    secretName: prod-cert

Middleware :

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: secured-restricted
  namespace: marketing
spec:
  chain:
    middlewares:
    - name: https-redirect
    - name: permited-ips

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
  namespace: marketing
spec:
  redirectScheme:
    scheme: https
    permanent: true

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: permited-ips
  namespace: marketing
spec:
  ipWhiteList:
    sourceRange:
    - #.#.#.#/28

---

https://www.example.com --> works

https://example.com --> Get Forbidden

https://example.com works only when I try to access it from whitelisted IP (#.#.#.#/28)

So looks like external-1 IngressRoute is not getting hit.

What is wrong with this setup ?

score 0 · Accepted Answer · answered Jun 24 '22 at 15:30

Splitting the rules in following way fixed the issue.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: external-1
  namespace: marketing
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.com`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
    - match: Host(`www.example.com`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
      middlewares:
        - name: https-redirect
  tls:
    secretName: prod-cert

and

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: wp-admin-1
  namespace: marketing
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
    - match: Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
      kind: Rule
      services:
        - name: wordpress
          port: 80
      middlewares:
        - name: secured-restricted
  tls:
    secretName: prod-cert

score 0 · Answer 2 · answered Dec 16 '22 at 22:47

0

You probably forgot a bracket, and your original configuration might just work by changing to this:

(Host(`example.com`) || Host(`www.example.com`)) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)

answered Dec 16 '22 at 22:47

Prasannjeet Singh

756
7
17

Traefik IngressRoute redirect doesn’t work

2 Answers2