Hi all,
I have a few services that I would like to allow incoming traffic only from my office public IP, any idea how can it be done?
Use rule with ClientIP() (doc).
It doesn't seem to be working. When I used this approach, it gave me a "404 Page Not Found" error.
- Request completely sent off
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Mon, 10 Mar 2025 14:58:02 GMT
<
404 page not found
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: rabbitmq
namespace: rabbitmq
spec:
entryPoints:
- websecure
routes:
- match: Host(`mq.xxx.io`) && ClientIP(`x.x.x.x`)
kind: Rule
middlewares:
- name: rabbitmq-headers
namespace: rabbitmq
services:
- name: rabbitmq-management
port: 15672
tls: {}
You can use the IpAllowList middleware.
You can add this middleware via a dynamic provider (eg. Files or Redis) and traefik will reload the middleware and allowed ips if it changes.
Now you just have to automate getting the office ip and updateing the file or whatever dynmaic traefik provider.