we use traefik as a proxy in front of nomad cluster running docker containers.
We use traefik with consul catalog, everything work fine, but what we noticed is that for some reason traefik append the balancer IP into the X-Forwarded-For header, together with the real client ip address, and we were wondering is there a way to set this.
Here is a simple explanation:
I have an nginx webserver which proxy-pass the request to traefik v2 balancer which pass it to the container. On nginx I`ve set up "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" and on traefik I have configuration to trust the balancer, and I see the client ip in the traefik logs, then on the container the X-Forwarded-For header is array of two elements, which contains the IP address of the client and the IP address of the nginx loadbalancer.
client (22.214.171.124) --> nginx (private ip: 10.1.1.1) Set X-Forwarded-For:126.96.36.199 --> traefik (can see X-Forwarded-For:188.8.131.52) --> docker container (get a value X-Forwarded-For: [184.108.40.206, 10.1.1.1]).
Here is the traefik entrypoint config:
[entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.forwardedHeaders] insecure = true [entryPoints.traefik] address = ":9000" [log] level = "info" filePath = "/var/log/traefik/traefik.log" format = "common"
I will appriciate any help on that.