Logging real client IP behind proxies and load balancers

Tawmu · January 9, 2020, 10:13pm

Hi All,

I'm trying to get our Traefik instance (hosted in Kubernetes) to log the client's real IP whilst behind Cloudflare and AWS ELB.

I have added our ELB private IP addresses to the trustedIPs setting for both forwardedHeaders and proxyProtocol on our Traefik endpoints, which works great for sites pointing directly at AWS ELB, but not for sites sitting behind Cloudflare.

It looks like I need something similar to Nginx's set_real_ip setting, as documented here: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-

Has anyone got any ideas?

Thanks

rdgacarvalho · April 13, 2020, 8:01pm

Hi Tawmu,

You can forward the real IP to your traefik adding the following annotation in your Service object

apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: traefik
spec:
  type: LoadBalancer
  externalTrafficPolicy: "Local" <------- see here

Link: https://v1-16.docs.kubernetes.io/docs/concepts/services-networking/service/

Topic		Replies	Views
Real IP from ELB Traefik v2 kubernetes-ingress	3	2523	November 12, 2019
Real client ip - aws elb Traefik v2 kubernetes-crd , middleware	1	890	April 11, 2020
Get real Ip address of client not working Traefik v2 kubernetes-ingress	0	1033	November 25, 2022
Restoring Cloudflare Real IP on Traefik Traefik v2 kubernetes-ingress	7	8116	October 4, 2021
Remote ip behind cloudfare load balancer Traefik v2 cli	3	350	February 16, 2023

Logging real client IP behind proxies and load balancers

Related topics