Real client ip address to backend

Hello i'm running http router, which i need to pass the real client IP address to my backend.

Here is my router config :

[http.routers.master]
rule = "Host(`mydomain.ltd`)"
entryPoints = ["web"]
service = "app"
middlewares = "app"

[http.services]
[http.services.app]
    [http.services.app.loadBalancer]
    serversTransport = "app"
    [[http.services.app.loadBalancer.servers]]
    url = "https://localhost:7996"
    [[http.services.app.loadBalancer.servers]]
    url = "https://localhost:7997"

[http.serversTransports.app]
  insecureSkipVerify = true
[http.serversTransports.app.forwardingTimeouts]
  responseHeaderTimeout = "40s"
  dialTimeout = "40s"

[http.middlewares]
  [http.middlewares.app]
  [http.middlewares.app.headers]
    accessControlAllowMethods= ["GET", "OPTIONS", "PUT", "DELETE", "PATCH"]
    accessControlAllowHeaders= "*"
    accessControlAllowOriginList = "*"
    accessControlMaxAge = 100
    addVaryHeader = true

[tls.stores]
  [tls.stores.default]
[[tls.certificates]]
  certFile = "/etc//SSL/dev.crt"
  keyFile = "/etc//SSL/dev.key"
  stores = ["default"]

and my master.toml

global]
  checkNewVersion = true


[serversTransport]
  insecureSkipVerify = true
  maxIdleConnsPerHost = 50
  [serversTransport.forwardingTimeouts]
    dialTimeout = 40
    responseHeaderTimeout = 40
    idleConnTimeout = 40

[entryPoints]
  [entryPoints.web]
    address = ":7998"
 [entryPoints.web.http.tls]
 options = "default"
[entryPoints.web.transport]
      [entryPoints.web.transport.respondingTimeouts]
        readTimeout = 30
        writeTimeout = 30        
 [entryPoints.web.forwardedHeaders]
      insecure = true
      trustedIPs = ["127.0.0.1", "172.31.23.77"]

[entryPoints.traefik]
    address = ":7780"

[providers]
  [providers.file]
    directory = "/opt/traefik/config/routers"
	watch = true
	
[log]
	level = "DEBUG"
    filePath = "/var/log/traefik/traefik-error.log"
	format = "common"
	
[accessLog]
	filePath = "/var/log/traefik/traefik-access.log"
	format = "common"

[api]
  dashboard = true
  insecure = true


[tls.stores]
 [tls.stores.default]
   [tls.stores.default.defaultCertificate]
  certFile = "/etc/SSL/dev.crt"
  keyFile = "/etc/SSL/dev.key"

How can I forward the IP address of the client to the backend?

Please note that this traefik is running by systemd daemon service.

This has been asked many times, so with a little searching you would probably found some solutions by yourself.

The connection will always have the IP of Traefik, this is how TCP/IP works.

When using http/s, you can check the headers which include the original IP.

Alternatively you can use ProxyProtocol, but the target service (application) needs to understand it.

I'm using HTTP, as I did not have any results when I'm using protocol 2 on TCP...

So does it mean every time the client is calling the traefik URL will generate a header where it's showing the client's IP address?

Traefik will always place the originating IP in the headers when forwarding http/s requests (X-Real-Ip).

1 Like

hi, thanks, can you give me example of config file what will be looking like based on my current config?

The headers are added automatically. Your target service just needs to read them from the http/s request.