TCP Service forward original IP

I am using traefik with adguard behind it using DNS over HTTPS and DNS of TLS on a remote server. So I can use android "private dns server".
But what traefik does is forwarding the local ip instead of the outside IP. So I see the adguard log the docker IP of traefik. Is there away to forward the original IP?

Traefik does not "forward" the local IP, but the connection to Adguard has Traefik IP just as origin, because that's where the local connection is coming from.

Traefik will "forward" IP information by placing them in the HTTP header ( X-Forwarded-*), I think that's done automatically, check if Adguard supports getting the IP from the header. Alternatively you can check if Adguard supports proxy-protocol.

Thanks for your information, adguard does support x-forward-* since I was using SWAG before which was forwarding the IP just fine.

My traefik config
---
global:
  sendAnonymousUsage: false
  #checkNewVersion: false

api:
  insecure: false
  dashboard: true
  #debug: true

log:
  level: "WARN"

# accessLog:
#   format: json

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
    swarmMode: false
  file:
    directory: /rules
    watch: true

serversTransport:
  insecureSkipVerify: true

entryPoints:
  web:
    address: :80
    proxyProtocol:
      insecure: true
    forwardedHeaders:
      insecure: true
    http:
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: :443
    proxyProtocol:
      insecure: true
    forwardedHeaders:
      insecure: true
  dnsovertls:
    address: :853
  dns:
    address: :53
  udpdns:
    address: :53/udp
#  metrics:
#    address: :8456

# smtp:
#   address: :25
# smtp-ssl:
#   address: :465
# imap-ssl:
#   address: :993

certificatesResolvers:
  lets-encrypt:
    acme:
      #caserver: https://acme-staging-v02.api.letsencrypt.org/directory #only for debug
      email: {{emailaddress}}
      storage: /letsencrypt/acme.json
      tlschallenge: true
      preferredChain: 'ISRG Root X1'
      # httpChallenge:
      #   entrypoint: web
#metrics:
#  prometheus:
#    entryPoint: metrics
#    addEntryPointsLabels: true
#    addRoutersLabels: true
#    addServicesLabels: true
# buckets:
#   - 0.1
#   - 0.3
#   - 1.2
#   - 5.0

My Docker config
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: {{dockerrestartpolicy}}
    networks:
      - traefik_proxy
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 853
        published: 853
        protocol: tcp
        mode: host
      - target: 53
        published: 53
        protocol: tcp
        mode: host
      - target: 53
        published: 53
        protocol: udp
        mode: host
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/srv/docker/traefik2/rules:/rules"
      - "/srv/docker/traefik2/acme:/letsencrypt"
      - "/srv/docker/traefik2/traefik.yaml:/etc/traefik/traefik.yaml"
    environment:
      - TZ={{ntp_timezone}}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.http.routers.traefikdashboard.rule=Host(`traefik.{{hostname}}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefikdashboard.entrypoints=websecure"
      - "traefik.http.routers.traefikdashboard.service=api@internal"
      - "traefik.http.routers.traefikdashboard.tls=true"
      - "traefik.http.routers.traefikdashboard.tls.certresolver=lets-encrypt"
      - "traefik.http.routers.traefikdashboard.middlewares=middlewares-ipwhitelist@file, redirect-web-to-websecure@internal, middlewares-rate-limit@file"