1

I'm using Traefik with a few FastAPI Docker containers (not using swarm). Everything is working perfectly except my Jinja2 templates are rendering http prefixes when I make references like {{ url_for('assets', path='css/styles.css') }} and {{request.url}}. From what I've read, this means that I need to force-set X-Forwards*.

I can't seem to find any documentation about using the docker-compose style settings that I've used thus far. My current docker-compose for the fastapi container that isn't forwarding

  fastapi:
    container_name: "fastapi"
    image: "fastapi:latest"
    env_file:
      - .env
    build:
      context: ./
      dockerfile: Dockerfile
      labels:
        - fastapi
    volumes:
        - .:/app
    restart: unless-stopped
    labels:
      # Enable Traefik for this specific "backend" service
      - traefik.enable=true
      # Define the port inside of the Docker service to use
      - traefik.http.services.fastapi.loadbalancer.server.port=80
      # Make Traefik use this domain in HTTP
      - traefik.http.routers.fastapi-http.entrypoints=http
      - traefik.http.routers.fastapi-http.rule=Host(`${WEBSITE_URL?Variable not set}`)
      # Use the traefik-public network (declared below)
      - traefik.docker.network=traefik-public
      # Make Traefik use this domain in HTTPS
      - traefik.http.routers.fastapi-https.entrypoints=https
      - traefik.http.routers.fastapi-https.rule=Host(`${WEBSITE_URL?Variable not set}`)
      - traefik.http.routers.fastapi-https.tls=true
      # Use the "le" (Let's Encrypt) resolver
      - traefik.http.routers.fastapi-https.tls.certresolver=le
      # https-redirect middleware to redirect HTTP to HTTPS
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      # Middleware to redirect HTTP to HTTPS
      - traefik.http.routers.fastapi-http.middlewares=https-redirect

    networks:
      - traefik-public

networks:
  traefik-public:
    external: true

I've tried adding all of the following without any success:

  - traefik.http.middlewares.https-redirect.headers.customrequestheaders.X-Forwarded-Proto=http

  - traefik.http.middlewares.https-redirect.headers.customrequestheaders.X-Forwarded-Proto=https

  - traefik.http.routers.fastapi-https.rule=Host(`${WEBSITE_URL?Variable not set}`) && Headers(`X-Test`, `https`)

  - traefik.http.routers.fastapi-https.rule=Host(`${WEBSITE_URL?Variable not set}`) && Headers(`X-Forwarded-Proto`, `https`)

Would really appreciate it if anyone knows how to fix this.

jonbon
  • 1,142
  • 3
  • 12
  • 37

1 Answers1

0

responding to all points here because other people might come accross the issue, but using only the last point should be enough in your case

If what you want is adding a custom header "X-Forwarded-Proto: https" in all calls to your fastapi endpoint, your second try :

- traefik.http.middlewares.https-redirect.headers.customrequestheaders.X-Forwarded-Proto=https

is the way to go; see the headers middleware docs

(I would have put it in a distinct name than "https-redirect")

  • Note : Also keep in mind that the X-forwarded are not always displayed by browers see this

One can also use the Forwarded headers rooting options that allow to forward all headers and not just the X-Forwarded-Proto

This is if you want to patch your fastapi issue using traefik powers, however I would recommend to fix the root issue with the jinja2 templates using solutions like this

I think it is simpler and safer to make the jinja2 templates use https from the beginning

Hopes this helps

Corentin Jacquet
  • 294
  • 3
  • 8