The Sample Project

Client: The Sample Project

About the Project

This behavior (HTTP works, HTTPS fails) almost always points to one of two problems: a firewall issue or a certificate issue.

Here is the step-by-step fix.

1. The Critical Check: Is Port 443 Open?

If your page "loads" (even a 404) on HTTP but times out or refuses to connect on HTTPS, your server is likely blocking the secure port.

Action: Run these commands on your server:

Bash
# 1. Check if UFW (firewall) is active and what is allowed
sudo ufw status

# 2. If you don't see '443' or 'HTTPS' in the ALLOW list, run:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

Note: If you are on AWS/DigitalOcean/Azure, you also need to open Port 443 in their web console (Security Groups).


2. Fix the Traefik Labels (Split the Router)

Your current configuration has a logic error. You are applying a redirect middleware to the secure router, and you haven't defined an insecure (HTTP) router to catch the traffic in the first place.

To make this robust (HTTP redirects to HTTPS, and HTTPS serves the app), you need two separate router sections in your labels.

Replace your current labels section with this exact block:

YAML
    labels:
      - "traefik.enable=true"

      # -------------------------------------------------------
      # 1. HTTPS ROUTER (The Secure Connection)
      # -------------------------------------------------------
      - "traefik.http.routers.cms-secure.rule=Host(`cms.thetablecult.com`)"
      - "traefik.http.routers.cms-secure.entrypoints=websecure"
      - "traefik.http.routers.cms-secure.tls.certresolver=myresolver"
      - "traefik.http.services.cms-secure.loadbalancer.server.port=8055"
      - "traefik.docker.network=proxy-net"

      # -------------------------------------------------------
      # 2. HTTP ROUTER (The Redirect)
      # -------------------------------------------------------
      - "traefik.http.routers.cms-http.rule=Host(`cms.thetablecult.com`)"
      - "traefik.http.routers.cms-http.entrypoints=web"
      - "traefik.http.routers.cms-http.middlewares=force-secure"
      
      # Define the Middleware (if not defined globally in Traefik)
      - "traefik.http.middlewares.force-secure.redirectscheme.scheme=https"

Why this works:

  1. cms-http: Listens on port 80 (web). It catches the request and immediately applies force-secure, sending the user to HTTPS.

  2. cms-secure: Listens on port 443 (websecure). It performs the TLS handshake, verifies the certificate, and forwards traffic to the container port 8055.

3. Check Traefik Logs (If it still fails)

If you open the firewall and update the labels but still get an error, check the Traefik logs to see if the certificate challenge is failing.

Bash
docker service logs -f traefik_app_proxy
# OR if using basic compose
docker logs -f traefik

Look for lines containing error or acme. If myresolver cannot generate a cert, Traefik will serve a "Traefik Default Cert" which browsers will reject as unsafe.
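To confirm from the outside which certificate is actually being served once the steps above are done, the script below classifies the subject and issuer that openssl reports. It is an added example, not part of the original answer; the function names are hypothetical and the sample strings are constructed.

```bash
#!/usr/bin/env bash
# Added example: tell a real certificate from Traefik's self-signed fallback.

# Constructed samples of `openssl x509 -noout -subject -issuer` output.
SAMPLE_DEFAULT='subject=CN = TRAEFIK DEFAULT CERT
issuer=CN = TRAEFIK DEFAULT CERT'
SAMPLE_ISSUED='subject=CN = cms.example.test
issuer=O = Example CA (constructed), CN = Example Issuing CA'

# Fetch the subject/issuer lines of the certificate a host presents over SNI.
fetch_cert_names() {
  local host="$1" port="${2:-443}"
  timeout 10 openssl s_client -connect "$host:$port" -servername "$host" \
    </dev/null 2>/dev/null | openssl x509 -noout -subject -issuer 2>/dev/null
}

# Classify that output. Prints: no-cert | default-cert | self-signed | issued
classify_cert() {
  local subject issuer
  subject=$(printf '%s\n' "$1" | sed -n 's/^subject= *//p' | head -n1)
  issuer=$(printf '%s\n' "$1" | sed -n 's/^issuer= *//p' | head -n1)
  if [ -z "$subject" ] && [ -z "$issuer" ]; then
    echo "no-cert"        # nothing parsed: port closed, filtered, or not TLS
  elif printf '%s' "$subject" | grep -qi 'traefik default cert'; then
    echo "default-cert"   # the fallback name quoted above, matched case-insensitively
  elif [ "$subject" = "$issuer" ]; then
    echo "self-signed"
  else
    echo "issued"         # signed by another party; trust is not evaluated here
  fi
}

# Map the verdict back to the step to revisit. Returns 0 only for "issued".
check_host() {
  local verdict
  verdict=$(classify_cert "$(fetch_cert_names "$@")")
  case "$verdict" in
    no-cert)      echo "$1: no certificate received, recheck port 443 (step 1)" ;;
    default-cert) echo "$1: Traefik fallback cert, check ACME errors in logs (step 3)" ;;
    self-signed)  echo "$1: self-signed certificate, resolver did not issue one" ;;
    issued)       echo "$1: certificate issued by a separate CA is being served" ;;
  esac
  [ "$verdict" = "issued" ]
}

# Usage: ./check_cert.sh <hostname> [port]
if [ "$#" -gt 0 ]; then check_host "$@"; fi
```

An "issued" verdict only means the certificate is not self-signed; a certificate from an ACME staging environment would be classified the same way and still be rejected by browsers.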

Project Highlights

  • LOW-COST
  • SPEED-DELIVERY

Project Outcomes