Traefik Get Real IP address
When Traefik is deployed behind multiple load balancers, use this plugin to detect which load balancer a request came through and read the real client IP from the header field that load balancer uses.
 CloudFlare
┌─────────┐
│         ├────────────────────────────────► ┌───────┬────────┐
└─────────┘  x-from-cdn:cf-foo               │       │        │
             Cf-Connecting-Ip: realip        │       │        │
   CDN2                                      │       │        │
┌─────────┐                                  │       │ paxxs's│
│         ├────────────────────────────────► │traefik│        │ x-real-ip:realip
└─────────┘  x-from-cdn:mf-bar               │       │Get-rea ├─────────────►
             Client-iP: realip               │       │ l-ip   │
   CDN3                                      │       │Plugin  │
┌─────────┐                                  │       │        │
│         ├────────────────────────────────► │       │        │
└─────────┘  x-from-cdn:mf-fun               └───────┴────────┘
             x-forwarded-for: realip,x.x.x.x
             (truthedIP)                       ▲  ▲
                                               │  │
┌────────┐                                     │  │
└────────┘ ────────────────────────────────────┘  │
   "*"                                            │
┌────────┐   RemoteAddr/etc..                     │
└────────┘ ───────────────────────────────────────┘
CDN Configuration
E.g. Cloudflare:
Rules > Transform Rules > HTTP Request Header Modification > Add
- Set static Header: X-From-Cdn
- Value: cf-foo
Traefik Configuration
Static
moduleName: github.com/Paxxs/traefik-get-real-ip
version: v1.0.1
pilot:
  token: [REDACTED]
experimental:
  plugins:
    real-ip:
      moduleName: github.com/Paxxs/traefik-get-real-ip
      version: v1.0.1
Dynamic
http:
  middlewares:
    real-ip-foo:
      plugin:
        real-ip:
          Proxy:
            - proxyHeadername: X-From-Cdn
              proxyHeadervalue: mf-fun
              realIP: X-Forwarded-For
            - proxyHeadername: X-From-Cdn
              proxyHeadervalue: mf-bar
              realIP: Client-Ip
            - proxyHeadername: X-From-Cdn
              proxyHeadervalue: cf-foo
              realIP: Cf-Connecting-Ip
            - proxyHeadername: "*"
              realIP: RemoteAddr
  routers:
    my-router:
      rule: Host(`localhost`)
      middlewares:
        - real-ip-foo
      service: my-service
  services:
    my-service:
      loadBalancer:
        servers:
          - url: 'http://127.0.0.1'
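
The header selection configured above, sketched in Go as an added example (not the plugin's source code). The Rule type and resolveRealIP function are hypothetical names; the sketch assumes rules are tried in order, that the first X-Forwarded-For entry is the client, and that RemoteAddr is used when the chosen header is missing or is not a valid IP address.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Rule mirrors one Proxy entry of the dynamic configuration (hypothetical type).
type Rule struct{ HeaderName, HeaderValue, RealIP string }

// resolveRealIP applies the first matching rule ("*" matches any request) and, as
// assumed here, returns the TCP peer when the chosen header is missing or not an IP.
func resolveRealIP(rules []Rule, r *http.Request) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	for _, rule := range rules {
		marked := rule.HeaderValue != "" && r.Header.Get(rule.HeaderName) == rule.HeaderValue
		if rule.HeaderName != "*" && !marked {
			continue
		}
		if rule.RealIP == "RemoteAddr" {
			return peer
		}
		// X-Forwarded-For may be a list; the diagram puts the client first.
		first := strings.TrimSpace(strings.Split(r.Header.Get(rule.RealIP), ",")[0])
		if ip := net.ParseIP(first); ip != nil {
			return ip.String()
		}
		return peer
	}
	return peer
}

func main() {
	rules := []Rule{
		{"X-From-Cdn", "mf-fun", "X-Forwarded-For"},
		{"X-From-Cdn", "cf-foo", "Cf-Connecting-Ip"},
		{"*", "", "RemoteAddr"},
	}
	// Constructed request: TCP peer 198.51.100.7, carrying the CDN3 marker.
	r, _ := http.NewRequest("GET", "http://localhost/", nil)
	r.RemoteAddr = "198.51.100.7:4711"
	r.Header.Set("X-From-Cdn", "mf-fun")
	r.Header.Set("X-Forwarded-For", "203.0.113.9, 10.0.0.1")
	fmt.Println(resolveRealIP(rules, r))
}
```

A static marker such as X-From-Cdn only identifies the CDN if clients cannot reach Traefik directly, so restrict inbound access to the CDNs' address ranges or treat the marker value as a secret.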