X-Forwarded-Proto is changed when using Auth Forward Setting

Amir · September 10, 2019, 6:01pm

Traefik v1.7.14 is deployed inside a Service Fabric cluster with a following setup:

Client --- HTTPs ---> Azure Load Balancer --- HTTP ---> Traefik

We deploy a sidecar in the cluster using which we integrate Traefik's API endpoint with Azure AD. We then configure Traefik's API endpoint with "Auth Forward" through this service:

[entryPoints.traefik]
    address = ":8080"
    [entryPoints.traefik.auth]
      [entryPoints.traefik.auth.forward]
        address = "http://localhost:4181"
        authResponseHeaders = ["X-Forwarded-User"]

The auth service (sidecar) uses "X-Forwarded-Proto" to build a redirect URI and make requests to Azure AD. However, the value is HTTP, not HTTPs.

Why wouldn't Traefik preserve client request's protocol?

Amir · September 10, 2019, 6:11pm

Somewhere in the documentation there is a mention of "trustForwardHeader" setting. I guess that's false by default. I'm gonna try setting that to True and see.

Topic		Replies	Views
HTTP -> HTTPS redirection based on X-Forwarded-Proto Header Traefik v2 middleware	3	3780	November 15, 2019
What does trustForwardHeader do for ForwardAuth and when would we use it? Traefik v2 middleware	1	1020	January 28, 2023
Traefik does not appear to set X-Forwarded headers correctly for forward auth Traefik v2 docker , middleware	0	388	April 15, 2023
ForwardAuth does not pass X-Forwarded-Uri Traefik v2 docker-swarm	2	3422	December 4, 2019
Middleware forwardauth does not apply Traefik v2 file	12	4859	October 1, 2019

X-Forwarded-Proto is changed when using Auth Forward Setting

Related topics