Routing developers source IP to a development container

I have an app on two containers which should be served with the same domain for both development and production environments from the same docker host and traefik as a reverse proxy.

My traefik docker-compose is:

version: "3.9"

services:
  traefik:
    image: "traefik:v2.9"
    container_name: "traefik"
    command:
      - "--api.insecure=true" # Enables traefik dashboard that will listen on port 8080
      - "--providers.docker=true" # Defines docker as a provider
      - "--providers.docker.exposedbydefault=false" # Prevents from exposing all containers by default
      - "--entrypoints.web.address=:80" # Will listen to incoming requests on port 80
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - traefik_webgateway

networks:
  traefik_webgateway:
    external: true
    name: traefik_webgateway

I have created two nginx services:

nginx-1:

version: '3.9'

services:
  nginx:
    container_name: nginx1
    image: nginx
    restart: always
    networks:
      - traefik_webgateway
    volumes:
      - "./html:/usr/share/nginx/html"
    labels:
      - traefik.enable=true
      - traefik.port=80
      - traefik.http.routers.nginx-0.rule=Host(`nginx1.ngtech.home`)
      - traefik.http.routers.nginx-0.entrypoints=web
      - traefik.http.routers.nginx-0.priority=100
networks:
  traefik_webgateway:
    external: true
    name: traefik_webgateway

nginx-dev:

version: '3.9'

services:
  nginx:
    container_name: nginxdev
    image: nginx
    restart: always
    networks:
      - traefik_webgateway
    volumes:
      - "./html:/usr/share/nginx/html"
    labels:
      - traefik.enable=true
      - traefik.port=80
      - "traefik.http.routers.nginx99-dev.rule=ClientIP(`192.168.120.80/32`) && Host(`nginx1.ngtech.home`)"
      - traefik.http.routers.nginx99-dev.entrypoints=web
      - traefik.http.routers.nginx99-dev.priority=1
networks:
  traefik_webgateway:
    external: true
    name: traefik_webgateway

And the requests always fall on the nginx-1 and never on the nginx-dev despite to the fact the I created a specific rule for this a specific source address.

The only way I managed to route the traffic from 192.168.120.80 to the dev environment was when I have used two ClientIP rules each per container and each ClientIP range was not overlapping each other.

Of course, higher priority (higher number) wins. Remove the priority lines and it should work. The longer rule (with ClientIP) has automatically higher priority and is checked first, then Traefik falls back to the shorter rule.

So technically I understood it wrong.
If I will switch the priority from 1 to 100 and from 100 to 1 it will work.
I will try to post later a whole lab about it.
I managed to do something nicer with a cookie.
When a cookie header regex exists the developer will have access to the development service.
The issue with this is that I cannot use a dynamic set of cookies.
I was thinking about an app that will update a dynamic rules file that will do that but it's too much.

You don’t need priority at all.

What do you mean with dynamic set of cookies? You potentially can check for cookies with HeadersRegexp().

I am settings priority to be explicit...
I mean that I want a login page to set a different cookie each time and that Traefik rules will be updated by the app each time a cookie is being added or removed.

The priority is automatically set by the rule itself. Longer rule (more specific) means higher priority.

My understanding is that you can set the cookie and route by it. So every time you send a request with cookie dev=123 or mode=dev you can route to the dev server.