(Sorry for the incorrect tag, but the tag was mandatory and there weren't any appropriate ones.)
I'm running Traefik in Nomad successfully, but our setup is a little complicated:
browser
-> traefik
-> front-end website (Caddy which reverse proxies to...)
-> traefik
-> backend website
Each of the above steps is inside a podman container running in Nomad.
When people hit https://front-end.mydomain.com/proxied-content Caddy should reverse proxy to https://back-end.mydomain.com/proxied-content .
This works in an alternative Docker Compose setup where it's just browser -> front-end (Caddy) -> back-end.
However, in the Nomad-with-Traefik-ingress setup above I'm observing in the backend website that X-Forwarded-Host is incorrectly set to back-end.mydomain.com. It should be front-end.mydomain.com because that's the original host the browser requested.
I think Traefik is doing this overwriting. It looks like forwardedHeaders should fix this by adding the upstream server as a trusted IP.
In Nomad I tried:
"traefik.http.routers.back-end.entrypoints=websecure",
"traefik.http.routers.back-end.rule=Host(`back-end.mydomain.com`)",
"traefik.http.routers.back-end.tls.certresolver=buypass",
"traefik.http.routers.back-end.entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.14.0/24"
But that gave an error:
Failed to decode configuration: field not found, node: forwardedHeaders
I tried something different by reviewing the CLI docs:
"traefik.entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.14.0/24",
That didn't give an error, but it also didn't appear to do anything.
Is this something that can be configured?
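Added illustration, not part of the original post and not Traefik or Caddy code: a simplified Python model of how a trusted-IP list decides whether an ingress hop keeps or replaces X-Forwarded-* headers across the chain described above. The IP addresses, the function names and the strip-unless-trusted rule are modelling assumptions.

```python
import ipaddress

def proxy_hop(headers, peer_ip, trusted_cidrs):
    """Headers one ingress hop sends upstream (simplified model, an assumption)."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(c) for c in trusted_cidrs)
    out = dict(headers)
    if not trusted:
        # Untrusted peer: discard whatever X-Forwarded-* it supplied.
        out = {k: v for k, v in out.items()
               if not k.lower().startswith("x-forwarded-")}
    # Only fill X-Forwarded-Host when no trusted value survived.
    out.setdefault("X-Forwarded-Host", out["Host"])
    prior = out.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{prior}, {peer_ip}" if prior else peer_ip
    return out

BROWSER_IP = "203.0.113.7"      # constructed client address
FRONT_END_IP = "192.168.14.20"  # constructed address of the front-end proxy

def backend_view(trusted_cidrs, spoofed_host=None):
    """Headers the backend sees for browser -> ingress -> front-end -> ingress."""
    req = {"Host": "front-end.mydomain.com"}
    if spoofed_host:
        req["X-Forwarded-Host"] = spoofed_host  # client-supplied, must not be trusted
    h = proxy_hop(req, BROWSER_IP, trusted_cidrs)
    h["Host"] = "back-end.mydomain.com"  # front-end proxies on to the back-end host
    return proxy_hop(h, FRONT_END_IP, trusted_cidrs)

if __name__ == "__main__":
    # No trust, the narrow ranges from the post, and an over-broad range.
    for cidrs in ([], ["127.0.0.1/32", "192.168.14.0/24"], ["0.0.0.0/0"]):
        print(cidrs, backend_view(cidrs, spoofed_host="spoofed.example"))
```

In this model the empty list reproduces the symptom (X-Forwarded-Host becomes back-end.mydomain.com), the narrow ranges preserve front-end.mydomain.com, and a catch-all range lets a client-supplied value reach the backend.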