The Traefik API gateway/proxy comes with a whole bunch of built-in policies. Traefik calls them "middlewares". There is a middleware named "redirectscheme" which lets you force a redirect from one protocol scheme to another, e.g. http to https. There is however one pitfall: this middleware does not support to be applied to a TLS-enabled router. So, you will have to set up a second router which is only there for the redirect. You will end up with something like this:
docker run -dit \ --name my_service_behind_traefik \ --label traefik.http.routers.viahttp.rule='Host(`your.host.com`)' \ --label traefik.http.routers.viahttp.entrypoints=http \ --label traefik.http.routers.viahttp.middlewares=https_only \ --label traefik.http.routers.viahttps.rule='Host(`your.host.com`)' \ ...the rest of your actual router config... --label traefik.http.middlewares.https_only.redirectscheme.scheme=https \ ...the rest of your run command...
As you can see above, you will have to set up two routers:
- one for http (in my example "viahttp")
- one for https (in my example "viahttps")
The "viahttp" router only serves the purpose of activating a redirect middleware (in my example "https_only") to point the client to the TLS-enabled router ("viahttps").
Not a big deal if you know it. May cost time if you don't.