How to obtain the real IP in Docker Swarm?

Deploy by docker swarm

version: '3.8'
services:
  reverse-proxy:
    image: traefik:v3.2
    restart: always
    command:
      - --providers.swarm.endpoint=unix:///var/run/docker.sock
      - --providers.swarm.exposedByDefault=false
      - --providers.swarm.network=traefik
      
      # 暴露端口
      - --entryPoints.web.address=:80
      - --entryPoints.web.forwardedHeaders.insecure
      - --entryPoints.web.http.redirections.entryPoint.to=websecure
      - --entryPoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.websecure.address=:443
      #- --entryPoints.websecure.forwardedHeaders.trustedIPs=0.0.0.0/0 # not work
      - --entryPoints.websecure.forwardedHeaders.insecure

      # ...
    ports:
      - "80:80"
      - "443:443"
    networks:
      - traefik

  treafik-whoami:
    image: traefik/whoami
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.treafik-whoami.rule=Host(`whoami.traefik.example.com`)
        - traefik.http.services.treafik-whoami.loadbalancer.server.port=80
        - traefik.http.routers.treafik-whoami.tls.certresolver=alidns
        - traefik.http.routers.treafik-whoami.tls.domains[0].main=*.traefik.example.com
    networks:
      - traefik

networks:
  traefik:
    external: true

And curl whoami.traefik.example.com

Hostname: c87c225777ee
IP: 127.0.0.1
IP: ::1
IP: 10.0.1.207
IP: 172.27.0.3
RemoteAddr: 10.0.1.205:56708
GET / HTTP/1.1
Host: whoami.traefik.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Priority: u=0, i
Sec-Ch-Ua: "Microsoft Edge";v="135", "Not-A.Brand";v="8", "Chromium";v="135"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: whoami.traefik.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: d85275e31f80
X-Real-Ip: 10.0.0.2

Swarm will automatically create an ingress network, so IP packets get routed, you see a different IP. Use host mode (from simple Traefik Swarm example):

    ports:
      # listen on host ports without ingress network
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.