Traefik v2 ipWhitelist/depth with Cloudflare and local network

Hello!

I am having an issue configuring whitelists for Traefik. My setup is Traefik v2 in Docker, configured to trust Cloudflare header IPs, and judging by the logs it seems to work: I get the client IPs. To make my whitelist work, I need to set depth to 1. But the main issue comes if I want to use a local DNS server, which is also in the same Docker as Traefik but is not proxied via Traefik.

For example, if in my local DNS I have example.com set to point to my host with Traefik (which is also the DNS, Traefik, website), the whitelist stops working because the depth at which the real IP is found is 0, as this setup bypasses Cloudflare.
My aim is to have a unified whitelist that would work for both. Is there something I can do about it, for example so that Cloudflare's real IP in the whitelist would work at depth 0 too? I am asking because some time ago it worked in my setup at depth 0 (as in, I had no need to set this option).

As an additional note, my nginx behind Traefik is set to:
real_ip_header CF-Connecting-IP;
set_real_ip_from ;
So it gets the real IP from Cloudflare, but if I set my DNS, which bypasses Cloudflare, I am getting Traefik's container IP, not the host that connected to Traefik. If I use X-Forwarded-For, I get the Cloudflare server IP. I would need to enable recursive on to get the real IP, which is not mentioned in Cloudflare's docs (also trust Cloudflare's IP in here). So something seems to be off, but I am not sure what.

Traefik: traefik: container_name: Traefik hostname: traefik image: traef - Pastebin.com
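The following Go program is an added illustration, not part of the original post and not Traefik's source code. It models the documented `ipStrategy.depth` rule on constructed addresses to show why one depth value cannot match both paths. It assumes a request that bypasses Cloudflare reaches the whitelist middleware with the LAN client as its peer and no `X-Forwarded-For` entry.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// clientIP models the documented ipStrategy.depth rule: depth <= 0 uses the
// connection's remote address; depth N takes the Nth X-Forwarded-For entry
// counted from the right, or "" when the header has fewer than N entries.
func clientIP(remoteAddr, xff string, depth int) string {
	if depth <= 0 {
		return remoteAddr
	}
	parts := strings.Split(xff, ",")
	if depth > len(parts) {
		return ""
	}
	return strings.TrimSpace(parts[len(parts)-depth])
}

// allowed reports whether ip falls inside any CIDR in sourceRange.
func allowed(ip string, sourceRange []string) bool {
	parsed := net.ParseIP(ip)
	if parsed == nil {
		return false // an empty or malformed client IP is rejected
	}
	for _, cidr := range sourceRange {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(parsed) {
			return true
		}
	}
	return false
}

// Constructed whitelist: one documentation range (visitor) and one LAN range.
var sourceRange = []string{"203.0.113.0/24", "192.168.1.0/24"}

func main() {
	// Cloudflare path: peer is an edge server, the header carries the visitor.
	// Direct path (local DNS): peer is the LAN client, the header is empty.
	for _, depth := range []int{0, 1} {
		cf := clientIP("198.51.100.7", "203.0.113.25", depth)
		lan := clientIP("192.168.1.50", "", depth)
		fmt.Printf("depth=%d cloudflare=%q ok=%v | direct=%q ok=%v\n",
			depth, cf, allowed(cf, sourceRange), lan, allowed(lan, sourceRange))
	}
}
```

At depth 1 the Cloudflare request is accepted and the direct one is rejected with an empty client IP; at depth 0 the outcome is reversed, because the Cloudflare request is then judged by the edge server's address.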

Have you solved this?

@libola9734

Any update on a solution to this? I would like to set this up also.
I would like to get the real IP and whitelist that rather than whitelisting Cloudflare IPs.