I have a local problem that is not present when I do the deployment on my online dedicated server to get the real IP of the client.
Locally, the whoami service returns the container's IP to me not my own private IP (192.168.2.9).
With the same configuration deployed on my dedicated server I get the real IP of the client in my logs.
I tested adding the following options locally too:
- proxyProtocol by setting the insecure to True.
- forwardHeaders by setting the insecure to True.
- trustedIPs: 127.0.0.1/8, 192.0.0.1/8, 172.0.0.1/8
None of these options mixed in different ways allowed me to get the real IP locally.
I insist on the particularity that without doing all this and with the same online configuration I have the real IP of the client and locally only the container IP instead of the one of my local PC.(192.168.2.9)
Here, my configuration files :
traefik.yml
---
global:
sendAnonymousUsage: "false"
checkNewVersion: "false"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: "false"
watch: "true"
swarmMode: "false"
file:
directory: "/etc/traefik/dynamic"
watch: "true"
accessLog: {}
api:
dashboard: "true"
log:
level: "INFO"
format: "json"
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: "web-tls"
scheme: "https"
web-tls:
address: ":443"
dynamic_traefik.yml
---
http:
routers:
http:
rule: "Host(`traefik.myhome.be`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
entryPoints: "web"
service: "api@internal"
middlewares:
- "https-dashboard"
https:
rule: "Host(`traefik.myhome.be`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
entryPoints: "web-tls"
tls: "true"
service: "api@internal"
middlewares:
- "auth"
middlewares:
https-dashboard:
redirectScheme:
permanent: "true"
scheme: "https"
auth:
basicAuth:
users:
- "admin:$apr1$IfhjvHv8$YH44Wy783yEghLwkGy9gi1"
tls:
certificates:
- certFile: /certificates/myhome.be.rsa.pem
keyFile: /certificates/myhome.be.rsa.key
- certFile: /certificates/myhome.be.ecdsa.pem
keyFile: /certificates/myhome.be.ecdsa.key
docker-compose.yml
version: "3.6"
services:
traefik:
image: "poc_traefik:latest"
container_name: "ge-traefik"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
ports:
- "80:80"
- "443:443"
networks:
- "network-frontend"
- "network-backend"
whoami:
image: "traefik/whoami:latest"
container_name: "whoami"
hostname: "whoami"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=web-tls"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.myhome.be`)"
- "traefik.http.services.whoami.loadbalancer.server.port=${HTTP}"
An idea for a solution? I really need to have the real client IP for our developments.
