Traefik and Nginx with HTTPS on Docker / 400 Bad Request

First there is no need to have SSL redirection configured in both Traefik and Nginx. Also Traefik frontend is matching only non www variant but backend app expects www. Finally Traefik web provider is deprecated so there should be newer api provider.

As I just stumbled upon a similar problem with Traefik v2

400 Bad Request / The plain HTTP request was sent to HTTPS port

with an Nginx error log stating

400 client sent plain HTTP request to HTTPS port while reading client request headers

and scratching my head over it, I finally found the source of that error. It's not that the TLS certs were invalid or something in the transport broken, but that the wiring between routers, services and port mappings were off.

Previously I did not see, that the Docker Compose stack had an Nginx container only listening on 80/tcp. I assumed everything's ok as I attached the ports to Traefik load balancers attached to a separate service per http/https endpoints with separated routers. This somehow did not work:

- "traefik.http.services.proxy.loadbalancer.server.port=80"- "traefik.http.services.proxy-secure.loadbalancer.server.port=443"

Intermediary I now opened port: - "8008:80" - "8443:443" and got it working. Investigating further what's wrong with Traefik ports as those should get exposed per default. This is not a solution as those ports are now available to the outside world, but I am leaving this explanation here as I could not find anything on this topic that would point me in the right direction, so hopefully it's helpful for someone else later on.