First of all, hello to all!!!
For weeks now I have been trying to understand why I can't get the IP of the clients that make requests to the Apache service. My service setup is quite simple:
- Docker in swarm mode
- A Manager node
- A Worker node
- Traefik 2 installed on the Manager node
- A Stack with Apache service running on the Worker node
Everything works without problems, except that the client IPs are not sent to the Apache service. I also tried to enable port mapping in host mode on the Apache service.
```yaml
labels:
  - traefik.enable=true
  - traefik.docker.network=traefik-public
  - traefik.constraint-label=traefik-public
  - traefik.http.routers.circus-http.rule=Host(`${DOMAIN?Variable not set}`)
  - traefik.http.routers.circus-http.entrypoints=http
  - traefik.http.routers.circus-http.middlewares=https-redirect
  # Create a middleware named `circus-http`
  #- traefik.http.middlewares.circus-http.ipwhitelist.sourcerange=10.0.1.1/32
  # Apply the middleware named `circus-http` to the router named `router1`
  #- traefik.http.routers.circus-http.middlewares=circus-http@docker
  - traefik.http.routers.circus-https.rule=Host(`${DOMAIN?Variable not set}`)
  - traefik.http.routers.circus-https.entrypoints=https
  - traefik.http.routers.circus-https.tls=true
  - traefik.http.routers.circus-https.tls.certresolver=le
  - traefik.http.services.circus.loadbalancer.server.port=80
```
Traefik runs in its own container and these are the start parameters:
```yaml
traefik:
  # Use the latest Traefik image
  image: traefik:v2.2
  ports:
    # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
    - target: 80
      published: 80
      mode: host
    # Listen on port 443, default for HTTPS
    - target: 443
      published: 443
      mode: host
  .......
  command:
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - --providers.docker
    # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
    - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
    # Do not expose all Docker services, only the ones explicitly exposed
    - --providers.docker.exposedbydefault=false
    # Enable Docker Swarm mode
    - --providers.docker.swarmmode
    # Create an entrypoint "http" listening on address 80
    - --entrypoints.http.address=:80
    - --entrypoints.http.forwardedHeaders.insecure
    # Create an entrypoint "https" listening on address 443
    - --entrypoints.https.address=:443
    - --entrypoints.https.forwardedHeaders.insecure
    # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
    - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
    # Store the Let's Encrypt certificates in the mounted volume
    - --certificatesresolvers.le.acme.storage=/certificates/acme.json
    # Use the TLS Challenge for Let's Encrypt
    - --certificatesresolvers.le.acme.tlschallenge=true
    # Enable the access log, with HTTP requests
    - --accesslog
    # Enable the Traefik log, for configurations and errors
    - --log
    # Enable the Dashboard and API
    - --api
```
Example Apache logs:
**10.0.1.4** - - [13/Aug/2020:10:29:39 +0000] "GET /left.png HTTP/1.1" 200 15551 "DOMAIN" "Mozilla/5.0 (X11; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"
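
Added example, not part of the original post: how a backend behind the proxy can pick the client address out of `X-Forwarded-For` by trusting only known proxy hops, compared with accepting the header from any source as `forwardedHeaders.insecure` does. The `10.0.1.0/24` subnet, the function names and the header values are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: overlay subnet carrying Traefik -> Apache traffic. The page only
# shows 10.0.1.4 in the Apache log; the /24 here is a constructed value.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]


def is_trusted(addr, trusted):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in trusted)


def client_ip(peer, xff, trusted=TRUSTED_PROXIES, trust_all=False):
    """Return the address a backend should log for one request.

    peer      -- TCP peer address seen by the backend (Apache's %h)
    xff       -- raw X-Forwarded-For header value, or None if absent
    trust_all -- believe the leftmost entry no matter who sent the header
    """
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if trust_all:
        # The leftmost entry is whatever the original sender put there.
        return hops[0] if hops else peer
    if not is_trusted(peer, trusted):
        # Request did not come through our proxy: ignore the header entirely.
        return peer
    # Walk right to left: each entry was appended by the hop to its right.
    # The first address that is not one of our proxies is the real client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, trusted):
                return hop
        except ValueError:
            return peer  # malformed entry: fall back to the TCP peer
    return peer  # no usable header: the log shows the proxy hop


if __name__ == "__main__":
    # Constructed requests: (peer, X-Forwarded-For)
    for peer, xff in [("10.0.1.4", None),
                      ("10.0.1.4", "203.0.113.7"),
                      ("10.0.1.4", "198.51.100.9, 203.0.113.7")]:
        print(peer, repr(xff), "->", client_ip(peer, xff),
              "| trust_all:", client_ip(peer, xff, trust_all=True))
```

With no forwarded header the result is the overlay address, as in the log line above; with a client-supplied leftmost entry, only the `trust_all` path returns the forged value.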