Hi there.
First of all many thanks to all the people involved in this project for their time, I really appreciate it.
We have Traefik 2.2.1 running as a Docker container, binding ports TCP 80, TCP 443, TCP 22 and UDP 53 to the Docker host, and everything works as expected.
We deployed a container with whoami.
Finally, we sent an HTTP request from the DMZ that reached whoami (https://whoami.example.com), but there's no way to get the public IP address of the DMZ client.
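We tried with and without the options below, but without luck. Any help will be appreciated:
- Neither `forwardedHeaders.trustedIPs` nor `forwardedHeaders.insecure`
- Both `forwardedHeaders.trustedIPs` and `forwardedHeaders.insecure`
- Only `forwardedHeaders.trustedIPs`
- Only `forwardedHeaders.insecure`
(Note that `forwardedHeaders.insecure=true` makes Traefik trust `X-Forwarded-*` headers from any peer, so `trustedIPs` adds no restriction when both are set.)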
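I can't even see the public IP address logged in Traefik, but I'm sure it can get it, since it logs other TCP service requests, such as an SFTP backend. In the debug log below, Traefik itself sees the connection arriving from 10.151.1.1, which is the gateway address of the Docker network, so the client address appears to be rewritten before the request reaches Traefik.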
Details
- Traefik
Version: 2.2.1
Codename: chevrotin
Go version: go1.14.2
Built: 2020-04-29T18:02:09Z
OS/Arch: linux/amd64
"Cmd": [
"--log.level=DEBUG",
"--api.insecure=true",
"--providers.docker=true",
"--providers.docker.exposedbydefault=false",
"--entryPoints.entrypoint_http.forwardedHeaders.trustedIPs=10.151.1.1/32,10.151.1.128/32",
"--entryPoints.entrypoint_http.forwardedHeaders.insecure=true",
"--entryPoints.entrypoint_https.forwardedHeaders.trustedIPs=10.151.1.1/32,10.151.1.128/32",
"--entryPoints.entrypoint_https.forwardedHeaders.insecure=true",
"--entryPoints.entrypoint_ssh.forwardedHeaders.trustedIPs=10.151.1.1/32,10.151.1.128/32",
"--entryPoints.entrypoint_ssh.forwardedHeaders.insecure=true",
"--entrypoints.entrypoint_http.address=:80",
"--entrypoints.entrypoint_https.address=:443",
"--entrypoints.entrypoint_ssh.address=:22",
"--entrypoints.entrypoint_dns.address=:53/udp",
"--certificatesresolvers.certificatesresolver_letsencrypt.acme.tlschallenge=True",
"--certificatesresolvers.certificatesresolver_letsencrypt.acme.email=info@example.com",
"--certificatesresolvers.certificatesresolver_letsencrypt.acme.storage=/letsencrypt/acme.json"
],
"Networks": {
"network-reverse-proxy": {
"IPAMConfig": {
"IPv4Address": "10.151.1.128"
},
"Links": null,
"Aliases": [
"32bba139dc09"
],
"NetworkID": "3ebdfa30a6f3dfc0993019b3b1ec066a74bf0eae7c23594e48ebbcd620cadc34",
"EndpointID": "ede72e56082bc02ad20f29867f0360b3b44e60963f462a9b1ef15f35a7ab2393",
"Gateway": "10.151.1.1",
"IPAddress": "10.151.1.128",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:97:01:80",
"DriverOpts": null
}
}
time="2020-11-09T12:28:00Z" level=debug msg="Handling connection from 10.151.1.1:15769"
time="2020-11-09T12:28:00Z" level=debug msg="Handling connection from 10.151.1.1:26804"
time="2020-11-09T12:28:00Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.72.0\"],\"X-Forwarded-Host\":[\"whoami.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"673af69607f0\"],\"X-Real-Ip\":[\"10.151.1.1\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"10.151.1.1:48730\",\"RequestURI\":\"/\",\"TLS\":null}"
time="2020-11-09T12:28:00Z" level=debug msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.72.0\"],\"X-Forwarded-Host\":[\"whoami.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"673af69607f0\"],\"X-Real-Ip\":[\"10.151.1.1\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"10.151.1.1:48730\",\"RequestURI\":\"/\",\"TLS\":null}" ForwardURL="http://10.151.1.6:80"
time="2020-11-09T12:28:00Z" level=debug msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"*/*\"],\"User-Agent\":[\"curl/7.72.0\"],\"X-Forwarded-Host\":[\"whoami.example.com\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"673af69607f0\"],\"X-Real-Ip\":[\"10.151.1.1\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"whoami.example.com\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"10.151.1.1:48730\",\"RequestURI\":\"/\",\"TLS\":null}"
- Whoami
"Labels": {
"traefik.enable": "true",
"traefik.http.middlewares.redirect-to-https.redirectscheme.permanent": "true",
"traefik.http.middlewares.redirect-to-https.redirectscheme.scheme": "https",
"traefik.http.routers.whoami-http.entrypoints": "entrypoint_http",
"traefik.http.routers.whoami-http.middlewares": "redirect-to-https",
"traefik.http.routers.whoami-http.rule": "Host(`whoami.example.com`)",
"traefik.http.routers.whoami-https.entrypoints": "entrypoint_https",
"traefik.http.routers.whoami-https.rule": "Host(`whoami.example.com`)",
"traefik.http.routers.whoami-https.tls.certresolver": "certificatesresolver_letsencrypt"
}
"Networks": {
"network-reverse-proxy": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"d824869fa135"
],
"NetworkID": "3ebdfa30a6f3dfc0993019b3b1ec066a74bf0eae7c23594e48ebbcd620cadc34",
"EndpointID": "34205e3c682dea390c61992633f6115f1586b8ad5fe314a89d311fe81c0045ec",
"Gateway": "10.151.1.1",
"IPAddress": "10.151.1.6",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:97:01:06",
"DriverOpts": null
}
}
Hostname: d824869fa135
IP: 127.0.0.1
IP: 10.151.1.6
RemoteAddr: 10.151.1.1:38262
GET / HTTP/1.1
Host: whoami.example.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cookie: experimentation_subject_id=IjMyYjQ3NjlkLTQ4YmEtNDhhMS1iMzBiLTlkNmVjZTY5ZGY1NCI%3D--96bde26271f34eed6dab3677a42a60e737e50b39; _ga=GA1.2.283781559.1591263718; tk_or=%22%22; tk_lr=%22%22; _fbp=fb.1.1600789674912.825009860
Te: trailers
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 10.151.1.1
X-Forwarded-Host: whoami.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 673af69607f0
X-Real-Ip: 10.151.1.1