My current setup for some of my sites is: visitor -> cloudflare -> traefik1 -> traefik2 -> service.
Everything seems to be working fine, except for one small detail I can't seem to solve, and that is logging of the original IP on the second traefik instance.
On the first traefik instance I have added entrypoints.websecure.forwardedheaders.trustedips=$CF_IPS where CF_IPS is the list of cloudflare forwarding IPv4s. This works as expected and my traefik access log will show the original visitor IP only.
For the second instance of traefik, forwarded headers do not seem to get rid of both the cloudflare IP and the traefik1 IP. I've tried multiple combinations in the forwardedheaders.trustedips, but it seems my results are as follows:

CFip and traefik1ip in trustedips:
Access log shows visitorip, cloudflareip in log and X-Forwarded-For shows visitorip, cloudflareip, traefik1ip

traefik1ip only in trustedips:
same as above situation

CF only in trustedips:
Access log shows traefik1ip in log and X-Forwarded-For shows only traefik1ip

It seems that after a trusted IP is found no more processing is done? Is this expected?
I have also tried a few different ipWhiteList options, but it seems that is only affecting access and not so much logging from what I can tell.
Is there any way I can have the access log show just the visitor IP in this scenario on the second instance of traefik?
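
An added example, not part of the original post and not Traefik's own code: a generic right-to-left resolution of X-Forwarded-For against a trusted-proxy list, applied to the header as a second hop in this chain would receive it. The helper `resolve_client_ip` is hypothetical, and all addresses are constructed documentation-range values standing in for the visitor, a Cloudflare edge and traefik1.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted_cidrs):
    """Walk right to left from the TCP peer and return the first address
    that is not in trusted_cidrs (generic logic, not Traefik's code)."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    current = ipaddress.ip_address(peer)
    # An X-Forwarded-For entry is only believable if the hop that wrote it
    # is trusted, so step left only while the current address is trusted.
    while hops and any(current in n for n in nets):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last valid address
    return str(current)

# Constructed sample values (documentation ranges, not real Cloudflare IPs).
VISITOR = "203.0.113.7"
CF_EDGE = "198.51.100.20"
CF_RANGE = "198.51.100.0/24"      # stand-in for the CF_IPS list
TRAEFIK1 = "10.0.0.2"
TRAEFIK1_NET = "10.0.0.2/32"
# Header as the second proxy receives it: Cloudflare wrote the visitor,
# the first proxy appended the Cloudflare edge it was connected to.
XFF_AT_HOP2 = f"{VISITOR}, {CF_EDGE}"

if __name__ == "__main__":
    cases = [
        ("CF + traefik1 trusted", [CF_RANGE, TRAEFIK1_NET]),
        ("traefik1 only trusted", [TRAEFIK1_NET]),
        ("CF only trusted", [CF_RANGE]),
    ]
    for label, trusted in cases:
        print(label, "->", resolve_client_ip(TRAEFIK1, XFF_AT_HOP2, trusted))
    # A client-supplied entry sits left of the real visitor and is never reached.
    spoofed = f"192.0.2.99, {XFF_AT_HOP2}"
    print("spoofed ->", resolve_client_ip(TRAEFIK1, spoofed, [CF_RANGE, TRAEFIK1_NET]))
```

Under this logic every proxy between the client and the resolving hop has to be in the trusted list, and the walk stops at the first address that is not, which is why a forged leftmost entry does not become the logged client IP.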