I have a Kubernetes setup where Traefik is my ingress controller. Traefik is behind an AWS ELB which is listening on an SSL port (TCP:443) so that it can terminate the SSL using an ACM certificate. It then load balances you to Traefik (in k8s), which listens on TCP:80. We require this setup as we whitelist on a per-ingress basis in Traefik and use the proxy protocol header to do this (we tried using X-Forwarded-For whitelisting on an HTTP load balancer but this was easy to bypass).
This is working for HTTPS traffic coming in, but I would like to set up HTTP redirection to HTTPS. So far I have set up a TCP:80 listener on the load balancer forwarding to TCP:81. I've also set up my Traefik entrypoints using a configuration file:
```toml
defaultEntryPoints = ["http"]
debug = false
logLevel = "INFO"
# Do not verify backend certificates (use https backends)
InsecureSkipVerify = true
[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
    [entryPoints.http.proxyProtocol]
    insecure = true
    trustedIPs = ["10.0.0.0/8"]
  [entryPoints.redirect]
  address = ":81"
  compress = true
    [entryPoints.http.redirect]
    entryPoint = "http"
```
However, this gives a `400 Bad Request` when I try and access any service on :80.
I assume this is because for this method to work Traefik itself needs to have an SSL listener, rather than the ELB.
Is there a way this can be set up so that all traffic that hits Traefik on :81 is rewritten to HTTPS?
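
As an added illustration (not part of the original question and not Traefik's code), this sketches the trust decision behind PROXY protocol whitelisting with `trustedIPs`: the header's source address is honoured only when the TCP peer is inside the trusted range, otherwise the peer address itself is checked. The function names, the `WHITELIST` range and the sample addresses are constructed for the example.

```python
import ipaddress

TRUSTED_PROXIES = ["10.0.0.0/8"]   # same range as trustedIPs in the config above
WHITELIST = ["203.0.113.0/24"]     # constructed per-ingress whitelist (assumption)


def _in_any(ip: str, cidrs) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def parse_proxy_v1(line: bytes):
    """Return the source IP from a PROXY protocol v1 line, or None if invalid."""
    # v1 header: "PROXY TCP4|TCP6 <src> <dst> <sport> <dport>\r\n", max 107 bytes
    if not line.startswith(b"PROXY ") or not line.endswith(b"\r\n") or len(line) > 107:
        return None
    parts = line[:-2].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None
    try:
        src = ipaddress.ip_address(parts[2])
        ipaddress.ip_address(parts[3])
        ports = [int(parts[4]), int(parts[5])]
    except ValueError:
        return None
    if not all(0 <= p <= 65535 for p in ports):
        return None
    return str(src)


def effective_client_ip(peer_ip: str, first_line: bytes) -> str:
    """Honour the PROXY header only when the TCP peer is a trusted load balancer."""
    src = parse_proxy_v1(first_line)
    if src is not None and _in_any(peer_ip, TRUSTED_PROXIES):
        return src
    # Untrusted peer or no valid header: fall back to the real TCP peer address
    return peer_ip


def is_allowed(peer_ip: str, first_line: bytes) -> bool:
    return _in_any(effective_client_ip(peer_ip, first_line), WHITELIST)
```
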