I've tried everything I was able to find, but nothing helped me to solve my problem.
The situation is pretty simple. I would like to pass the "real" access IP address to my containers and I really would like to see them in the access-log. If someone with an IPv6 address accesses the server, it only shows the gateway:
172.20.0.1 - - [29/Oct/2020:10:03:01 +0000] "GET /apps/files/img/app.svg HTTP/1.1" 200 222 "-" "-" 30 "cloud-secure@docker" "http://172.20.0.3:80" 4ms
If someone with an IPv4 address accesses the same resource, it's displayed correctly in the log file and other containers.
My compose file:
version: '3.2'
services:
  traefik:
    image: traefik:v2.3.2
    container_name: traefik
    hostname: "traefik"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/dynamic.yml:/dynamic.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/access.log:/access.log
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.default.tld`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=default:default."
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.default.tld`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth,secHeaders@file"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "providers.file.filename=dynamic.yml"
networks:
  proxy:
    external: true
Traefik Config:
log:
  level: ERROR
accessLog:
  filePath: access.log
  bufferingSize: 500
api:
  dashboard: true
serversTransport:
  insecureSkipVerify: true
entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      trustedIPs:
        - "172.20.0.0/16"
      insecure: true
  https:
    address: ":443"
    forwardedHeaders:
      trustedIPs:
        - "127.20.0.0/16"
      insecure: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
  file:
    filename: dynamic.yml
certificatesResolvers:
  http:
    acme:
      email: mail@default.tld
      storage: acme.json
      httpChallenge:
        entryPoint: http
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        # HSTS configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
I tried enabling IPv6 support for the Docker network itself, but I wasn't able to make it work. So if you have a hint on how to solve this, I would be really thankful!