Traefik v2 ipWhitelist/depth with Cloudflare and local network


I am having an issue configuring whitelists for Traefik. My setup is Traefik v2 in Docker, configured to trust Cloudflare header IPs, and from the logs it seems to work: I get the client IPs. To make my whitelist work, I need to set depth to 1. But the main issue comes if I want to use a local DNS server, which is also in the same Docker as Traefik but is not proxied via Traefik.

For example, if in my local DNS I have set it to point to my host with Traefik (which is also the DNS, Traefik, website), the whitelist stops working because the depth at which the real IP is found is 0, as this setup bypasses Cloudflare.
My aim is to have a unified whitelist that would work for both. Is there something I can do about it, for example so that Cloudflare's real IP in the whitelist would work on depth 0 too? I am asking because some time ago in my setup it worked on depth 0 (as in, I had no need to set this option).

As an additional note, my nginx behind Traefik is set to:
real_ip_header CF-Connecting-IP;
set_real_ip_from ;
So it gets the real IP from Cloudflare, but if I set my DNS, which bypasses Cloudflare, I am getting Traefik's container IP, not the host that connected to Traefik. If I use X-Forwarded-For, I get the Cloudflare server IP. I would need to enable recursive on to get the real IP, which is not mentioned in Cloudflare's docs (also trust Cloudflare's IPs in here). So something seems to be off but I am not sure what.

Traefik: traefik: container_name: Traefik hostname: traefik image: traef -
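
An added example, not part of the original post and not Traefik's own code: a small Python model of the documented `ipStrategy.depth` rule, showing why a single depth value cannot serve both paths described above. It assumes that on the Cloudflare path the whitelist sees an X-Forwarded-For holding only the client IP and that direct LAN requests carry no such header; all addresses and the `decide` helper are constructed for illustration.

```python
import ipaddress


def select_ip(remote_addr, xff, depth):
    """Model of the documented ipStrategy.depth rule (not Traefik's code).

    depth <= 0: use the TCP peer address.
    depth >= 1: take the depth-th X-Forwarded-For entry counted from the
    right; the result is empty if the header has fewer entries.
    """
    if depth <= 0:
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    return hops[-depth] if depth <= len(hops) else ""


def allowed(ip, source_range):
    """An empty client IP never matches the whitelist."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in source_range)


# Constructed sample values (documentation and private ranges only).
SOURCE_RANGE = ["203.0.113.7/32", "192.168.1.0/24"]
# Assumption: peer is a Cloudflare edge, header holds the real client.
VIA_CLOUDFLARE = {"remote_addr": "198.51.100.20", "xff": "203.0.113.7"}
# Assumption: local DNS points straight at the host, so no header at all.
DIRECT_LAN = {"remote_addr": "192.168.1.50", "xff": None}


def decide(request, depth):
    """Return (selected client IP, whitelist verdict) for one request."""
    ip = select_ip(request["remote_addr"], request["xff"], depth)
    return ip, allowed(ip, SOURCE_RANGE)


if __name__ == "__main__":
    paths = (("via Cloudflare", VIA_CLOUDFLARE), ("direct LAN", DIRECT_LAN))
    for name, req in paths:
        for depth in (0, 1):
            ip, ok = decide(req, depth)
            verdict = "allow" if ok else "deny"
            print(f"{name:15} depth={depth} -> {ip or '(empty)':15} {verdict}")
```

With depth 1 the direct request yields an empty client IP and is denied; with depth 0 the proxied request is judged on the Cloudflare edge address instead of the visitor's.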

Have you solved this?


Any update on a solution to this? I would like to set this up also.
I would like to get the real IP and whitelist that rather than whitelisting Cloudflare IPs.