Help with TrustedIPs on Hetzner

jeff · November 7, 2023, 3:30pm

Hey, I'm running Traefik in Docker as a local reverse proxy behind a Hetzner Load Balancer but for some reason it stops being available when adding
--entryPoints.http.forwardedHeaders.trustedIPs="127.0.0.1/8,167.199.11.64,162.66.156.232"
to the follow command. On detail:
in docker run --name traefik --detach --restart unless-stopped --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock --env-file .kamal/env/traefik/traefik.env --log-driver "awslogs" --log-opt awslogs-region="eu-central-1" --log-opt awslogs-group="/myservice/api" --log-opt awslogs-create-group="true" --log-opt tag="{{.Name}}-{{.ID}}" --volume "/var/run/datadog:/var/run/datadog" botbrains/traefik:v2.10 --providers.docker --log.level="DEBUG" --accesslog="true" --entryPoints.http.forwardedHeaders.trustedIPs="127.0.0.1/8,167.199.11.64,162.66.156.232" --tracing.datadog.localAgentSocket="/var/run/datadog/apm.socket" --metrics.datadog.address="127.0.0.1:8125" --metrics.datadog.addRoutersLabels="true" --metrics.datadog.prefix="traefik"

My containers are started with
--label traefik.http.services.api-web-staging.loadbalancer.server.scheme="http" --label traefik.http.routers.api-web-staging.rule="PathPrefix(`/`)" --label traefik.http.middlewares.api-web-staging-retry.retry.attempts="5" --label traefik.http.middlewares.api-web-staging-retry.retry.initialinterval="500ms" --label traefik.http.routers.api-web-staging.middlewares="api-web-staging-retry@docker"

Even adding
--entryPoints.http.forwardedHeaders.insecure="true" will also result in traefik not being accessible.

Any Idea where this fails?
Thanks you a lot.

bluepuma77 · November 7, 2023, 5:38pm

Please format your config with 3 backticks before and after or select code and press </>.

jeff · November 9, 2023, 9:12am

On detail:

docker run 
--name traefik 
--detach 
--restart unless-stopped 
--publish 80:80 
--volume /var/run/docker.sock:/var/run/docker.sock 
--env-file .kamal/env/traefik/traefik.env 
--log-driver "awslogs" 
--log-opt awslogs-region="eu-central-1" 
--log-opt awslogs-group="/myservice/api" 
--log-opt awslogs-create-group="true" 
--log-opt tag="{{.Name}}-{{.ID}}" 
--volume "/var/run/datadog:/var/run/datadog" 
botbrains/traefik:v2.10 
--providers.docker 
--log.level="DEBUG" 
--accesslog="true" 
--entryPoints.http.forwardedHeaders.trustedIPs="127.0.0.1/8,167.199.11.64,162.66.156.232" 
--tracing.datadog.localAgentSocket="/var/run/datadog/apm.socket" 
--metrics.datadog.address="127.0.0.1:8125" 
--metrics.datadog.addRoutersLabels="true" 
--metrics.datadog.prefix="traefik"

My containers are started with

--label traefik.http.services.api-web-staging.loadbalancer.server.scheme="http" 
--label traefik.http.routers.api-web-staging.rule="PathPrefix(`/`)" 
--label traefik.http.middlewares.api-web-staging-retry.retry.attempts="5" 
--label traefik.http.middlewares.api-web-staging-retry.retry.initialinterval="500ms" 
--label traefik.http.routers.api-web-staging.middlewares="api-web-staging-retry@docker"

jeff · November 9, 2023, 9:13am

Could you take a look now? Thank you.

bluepuma77 · November 9, 2023, 1:15pm

What does Traefik debug log tell you?

In general I think you should not use " around the values after =

Compare with docker-compose.yml of simple Traefik example.

Topic		Replies	Views
Traefik with external Hetzner loadbalancer Traefik v3 (latest) kubernetes-ingress	3	338	July 31, 2024
Traefik v2.1.4: X-Forwarded-For header doet not pass visitor IP when using IPv6 Traefik v2 docker , middleware	8	12277	January 5, 2022
Traefik + Portainer Traefik v2 docker , tcp	3	5860	October 5, 2023
Traefik does not route correctly to apps Traefik v2 docker	0	525	April 21, 2022
Help with https redirection and infinite loop Traefik v2 docker , middleware	3	2442	January 26, 2023

Help with TrustedIPs on Hetzner

Related topics