Logging real client IP behind proxies and load balancers

Traefik Traefik v2 (latest)
1

Hi All,

I'm trying to get our Traefik instance (hosted in Kubernetes) to log the client's real IP whilst behind Cloudflare and AWS ELB.

I have added our ELB private IP addresses to the trustedIPs setting for both forwardedHeaders and proxyProtocol on our Traefik endpoints, which works great for sites pointing directly at AWS ELB, but not for sites sitting behind Cloudflare.

It looks like I need something similar to Nginx's set_real_ip setting, as documented here: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-

Has anyone got any ideas?

Thanks

1 Like
2

Hi Tawmu,

You can forward the real IP to your traefik adding the following annotation in your Service object

apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: traefik
spec:
  type: LoadBalancer
  externalTrafficPolicy: "Local" <------- see here

Link: https://v1-16.docs.kubernetes.io/docs/concepts/services-networking/service/