Logging real client IP behind proxies and load balancers

Hi All,

I'm trying to get our Traefik instance (hosted in Kubernetes) to log the client's real IP whilst behind Cloudflare and AWS ELB.

I have added our ELB private IP addresses to the trustedIPs setting for both forwardedHeaders and proxyProtocol on our Traefik endpoints, which works great for sites pointing directly at AWS ELB, but not for sites sitting behind Cloudflare.

It looks like I need something similar to Nginx's set_real_ip setting, as documented here: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-

Has anyone got any ideas?


1 Like

Hi Tawmu,

You can forward the real IP to your traefik adding the following annotation in your Service object

apiVersion: v1
kind: Service
  name: traefik
  namespace: traefik
  type: LoadBalancer
  externalTrafficPolicy: "Local" <------- see here

Link: https://v1-16.docs.kubernetes.io/docs/concepts/services-networking/service/