Traefik2, Docker swarm and no Client IP on running Services

First of all, hello to all!!!

For weeks now I have been trying to understand why I can't get the IP of the clients that make requests to the apache service. Setting up my services is quite simple:

  • Docker in swarm mode
  • A Manager node
  • A Worker node
  • Traefik 2 installed on the Manager node
  • A Stack with Apache service running on the Worker node

Everything works without problems except for the lack of client IPs to be sent to the Apache service. I also tried to enable port mapping, in Host mode on the Apache service

        - traefik.enable=true
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.circus-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.circus-http.entrypoints=http
        - traefik.http.routers.circus-http.middlewares=https-redirect

        # Create a middleware named `circus-http`
        #- traefik.http.middlewares.circus-http.ipwhitelist.sourcerange=
        # Apply the middleware named `circus-http` to the router named `router1`
        #- traefik.http.routers.circus-http.middlewares=circus-http@docker
        - traefik.http.routers.circus-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.circus-https.entrypoints=https
        - traefik.http.routers.circus-https.tls=true
        - traefik.http.routers.circus-https.tls.certresolver=le

Traefik runs in its own container and these are the start parameters:

    # Use the latest Traefik image
    image: traefik:v2.2
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - target: 80
        published: 80
        mode: host
      # Listen on port 443, default for HTTPS
      - target: 443
        published: 443
        mode: host


      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      # Do not expose all Docker services, only the ones explicitly exposed
      - --providers.docker.exposedbydefault=false
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode
      # Create an entrypoint "http" listening on address 80
      - --entrypoints.http.address=:80
      - --entrypoints.http.forwardedHeaders.insecure
      # Create an entrypoint "https" listening on address 443
      - --entrypoints.https.address=:443
      - --entrypoints.https.forwardedHeaders.insecure
      # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
      -${EMAIL?Variable not set}
      # Store the Let's Encrypt certificates in the mounted volume
      # Use the TLS Challenge for Let's Encrypt
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log
      # Enable the Dashboard and API
      - --api

Example Apache logs:

**** - - [13/Aug/2020:10:29:39 +0000] "GET /left.png HTTP/1.1" 200 15551 "DOMAIN" "Mozilla/5.0 (X11; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"