Traefik forward client ip. And an HTTP router and HTTP service.

Traefik forward client ip yml so that traefik uses the host network. 1 running as a docker container binding ports TCP 80, TCP 443, TCP 22 and UDP 53 to the docker host, everything works as expected. Hello @remyduthu Thanks for using Traefik. The trick is to use socket activation. servers. apiVersion: v1 kind: Service metadata: name: traefik namespace: traefik spec: type: LoadBalancer externalTrafficPolicy: "Local" <----- see here Traefik already obtains Letsencrypt certificates for the domains and is also able to forward traffic to addresses external to your Kubernetes cluster. erl December frontend1 will forward the traffic to the backend2 if the rule Host:test. 150. image 1211×391 21. Issue: X-Real-IP is set to an internal IP and not to the client's IP, even though the client IP is listed in X-Forwarded-For header. And an HTTP router and HTTP service. co. First of all many thanks to all the people involved in this project for their time, I really appreciate it. - I don't know, what settings I have to change so that the real IP is displayed in the logs? I did Hi, I do have a situation to solve: real IP to final backend. I have a file provider that proxies connects to my Open Media Vault Control Panel but the logs still report that Traefik's IP ad why can't traefik have a way to easily get the real ip of user? Forward Rela Traefik IP and Header Logs. Traefik and PiHole with Docker: forward client IP. 168. The user calls http://localhost/checkmk and Traefik (running in Docker-Componse Hi, in my traefik access. 3: 910: June 1, 2024 Getting real client IP (X-FORWARDED-FOR) in k3s . 2, X-Real-IP: 10. 7 as my kubernetes ingress controller, and found several specific issues detailed below. insecure" and "proxyProtocol. I am trying to implement this into my Jellyfin instance, as Jellyfin only allows you to send a password reset if coming from a local connection. ecs, cli. X-Forwarded-For might contain multiple IPs chained if the request has multiple http hops. 
I'd like to have Traefik forward certain requests to another server, consider the following config: [frontends. 2. Traefik is my default Ingress Controller, I am currently on v2. We run Traefik in a Docker container and it forwards the client‘s home IP (1. Viewed 4k times 0 . localhost is matched (forwarding client Host header to the backend) I currently got in touch with Traefik and using it as reverse proxy for my docker services. Below are the available options for the Response Forwarding mechanism: FlushInterval specifies the interval in between flushes to the client while copying the response body. How to get this ip? Thanks. It only sometimes puts it in there and for a few following lines just only contain a local IP (of the other Traefik v2 does not show client IP address in X-Forwarded-For and/or in X-Real-Ip headers weeks, I have been trying to solve this problem. com directly points to the server where traefik is listening on via A record, so there is no LB's in front I'm implementing Traefik 2 as an ingress controller for k8s in AWS and am looking to log the real external address. I've got everything up and running, and it works perfect and fast. Unfortunately none of the Welcome! Yes, I've searched similar issues on GitHub and didn't find any. 244. 0: 592: March 16, 2020 This works fine for all internal and external user, however in Plex it shows the Traefik container IP as the user IP. 42. The only IP which I can see with Wireshark is the gateway IP x. kubernetes-crd. 6. ProxyProtocol can be used with Traefik on 2 sides: one is To make traefik get real client IP, make network packages arrived at Traefik not SNATed. Here are some snippets out of the traefik I'm running traefik on a raspberry pi with docker-compose. It works almost the same way as required. Hello, I have a web application hosted within a Kubernetes cluster, and it's using Traefik on the front. 
but i have containers spread across nodes and mode host limits traefik to only one node at a time. At the moment I do have this situation: Client -> Cloudflare -> Traefik TCP (docker) -> Traefik HTTP (kubernetes) -> Apache On the Apache access logs I get as IP the kubernetes' node IP, not the Client IP. attie. This flow works well, but the issue is that the source IP seen from the application corresponds to the IP of one of the Traefik pods (not the real client's). To access to kubernetes services I have deployed this: HAPROXY (external) --> Traefik (daemonset) nodePort 32xxx --> svc --> pods The haproxy instance is configured to forward the real ip: backend back_hello balance leastconn option httpclose option forwardfor server node1 I currently got in touch with Traefik and using it as reverse proxy for my docker services. 1 which is an IP in my k8s cluster. swarmMode, added passhostheader to my Hi, is it possible to forward the ip from a client to the k8s pods? Traefik Labs Community Forum Traefik with K8s as Ingress: Forward the origin IP of an client to the pods. 50:8080) that is reachable By combining Traefik’s IPAllowlist middleware with the X-Forwarded-For header, you can effectively filter requests based on the original client IP, even when Traefik is behind a A forward proxy, or gateway, or just "proxy" provides proxy services to a client or a group of clients. It's more a k8s configuration. Prepare Traefik and Letsencrypt Although I have written about this section in past posts, for completeness here is the creation of the certificate which uses letsencrypt-prod as issuer (read the official certmanager docs how to Hello everyone, I have a traefik service running on Docker Swarm, and it seems like there is an issue regarding X-Real-IP and X-Forwarded-For headers This is the output I am getting "[INFO] X-Forwarded-For: , ip: 10. yml version: "3" services: traefik: Just tested "forwardedHeaders. Issues with Real Client IP in Traefik. Traefik. 
I run a traefik in a container (traefik:latest) with, enabled docker. Traefik and PiHole with Docker: forward client IP But in adguard logs the client ip is showing the ip of traefik docker container. I have enabled the "forwardedHeaders" and Hi Tawmu, You can forward the real IP to your traefik adding the following annotation in your Service object. 63/32")' kind: Rule services: - kind: Service name: test-svc namespace: test port: webui middlewares: - name: traefik-forward-auth namespace: kube-system - match: hi folks, maybe someone have similar issue and can help me with solution. 1 of the Docker Network itself. 4) -> AWS ELB -[TCP with proxy Hi, I have an entryPoint with proxy protocol enabled. 2: 1180: March 23, 2022 Hi, since a few days I'm using Traefik as primary reverse proxy in front of some dockerized services. 25. It The strange thing is, it seems that Traefik is passing along any headers like x-forwarded-for because if I manually add an x-forwarded-for with my ip address into my browser request, the result in the apache logs has my ip as well as the internal cluster ip This section is about configuring how Traefik forwards the response from the backend server to the client. This is my current configuration: A client (outside the cluster) is trying to make connections to an application (within my cluster) through Traefik loadblancer service. A TCP connection has a source and a target, those are always the real IPs, so when Traefik is forwarding TCP packets, the source will be the Traefik IP. According to Kubernetes Using Source IP document, add set service. in regards to the Loadbalancer type in order to preserve the client IP address the following configuration should be also implemented: I am not be able to forward any headers. 3 on a single node Kubernetes cluster and I'm trying to get the real user IP from the X-Forwarded-For header but what I get instead is X-Forwarded-For: 10. 
I currently got in touch with Traefik and using it as reverse proxy for my docker services. Support for socket activation was added to Traefik 3. Otherwise everyone outside could send fake data. How can I get the real client ip to be visible to my containers? I've done quite a bit of searching and it seems like this is a common issue. With following configurations: docker "HTTP_X_CLIENT_IP": "102. Both Gitlab and Traefik are running via rootless podman. Then Traefik should add regular http headers like X-Forwarded-For or X-Real-Ip. I have a Nextcloud instance setup but its reporting that my reverse proxy header is not configured right. I am using HELM chart to deploy it. So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from… kindly help me on this to get the client ip and our traefik version is 2. So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from… I'm having trouble getting my X-Forwarded-For header working. I'm only seeing internal IPs in X-Real-Ip and X-Forwarded-For. Prevent traefik from forwarding client IP. Not sure how you can tell nginx to use a header IP instead of the connection IP in the logs. With every incoming HTTP request, traefik automatically adds the client IP address to the HTTP headers X-Forwarded-For and X-Real-IP. Hello, having a traefik v3 running as a This allows traefik to forward the headers it receives from a client IP to the endpoint instead of requests being forward to the docker virtual gateway over to traefik, then forwarded again to The IP of traefik is the IP of the host, and the port of traefik is the port of 80 443 9000 on the host; The ELB of Huawei cloud forwards the ports of 80 443 9000 of the hosts of How can I make the original client IP addresses available to my services? As a minimal setup example I use Traefik and PiHole. 
Don’t use TLS passthrough, but terminate TLS at Traefik, then use new TLS to proxy/forward to a https target service. This is the core reason you Traefik will forward the "real IP" as header meta data in every forwarded http request. If depth is greater than the total number of IPs in X-Forwarded-For, then the client IP will be empty. However now my server sees I wrote an example showing how to run Traefik with rootless Podman and get the real remote IP address. 1. The problem is that this does not happen in the access log. I read that there is a way of doing it if we set traefik as mode: host. 122", Hi, I use Traefik 2. I'm getting the pod ip or 127. Or you specify the external URL as service target, but that needs to be done in a dynamic config file, loaded with i install and configure traefik as ingress controller on EKS aws, however i am facing problem that is the address of x-real-ip and x-forwarded-for is local address of pod, how to get IP of remote client? I installed fo Hi, I have configured the following Ingress route (see below). We get a cluster ip instead. my infrastructure look like AWS load balancer -> AWS ec2 -> docker swarm -> traefik -> fastAPI server. 5. One way we can think of is to place a traefik instance outside the k8s as a load First of all, hello to all!!! For weeks now I have been trying to understand why I can't get the IP of the clients that make requests to the apache service. Hello, I was wondering how to get the real IP of a client which is on the same network of the server on the headers X-Forwarded-For and X-Real-Ip. So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from… Hello everyone! I have problems to get X-Forwarded-For/X-Real-IP to show the real client's IP. 
In some situations, the web application needs to read a client's IP address and after some digging, I have found that the way to do so behind Traefik is to use the X-Forwarded-For header (meaning that Traefik is adding the real client IP address to it). 3. We have traefik 2. log file I don't see the real IP of the requesting client. uk at this server. Finally we send an HTP request from DMZ that reached Hi, I'm using Traefik with helm chart. 7: 5585: August 24, 2023 How to access traefik This section is about configuring how Traefik forwards the response from the backend server to the client. 2 (changed in this post). Basically it will work with host mode, but then all containers have to be But in the logs in Docker or with Portainer I only see the IP of Traefik and not that of the "visitors" What have I already tried: Traefik and PiHole with Docker: forward client IP. It is a duration in milliseconds, defaulting to 100. Here's my Traefik deployment and service: Hi @moutoum!. The only issue I cannot seem to tackle or find any solution on the internet is how to passthrough the client ip to the service. 70 belongs to the Kubernetes Node IP. Below are the available options for the Response Forwarding mechanism: FlushInterval specifies the interval in between flushes How to forward the user's real IP to a service? I am using Traefik v2 in Docker swarm. Hi everyone, I am trying to learn how Traefik works based on a very simple use case. (Or with ProxyProtocol if you configured it. 8 KB. At the top is CloudFront, which made me think that I was very lucky because only recently did they start supporting forwarding the client IP address. localhost is matched; frontend2 will forward the traffic to the backend1 if the rule Host:localhost,{subdomain:[a-z]+}. I use Cloudflare for DNS services. 
If you need to get the IP from a client before the last "hop", you can either rely on headers that are used in http protocol or use ProxyProtocol, which needs to be enabled with sender and receiver. 7. I have enabled all possible features at the level of my Helm charts without success. 0: 580: March 16, 2020 Hi Folks, I am using Trafeik version 2. The Host server has a port forward for 443 and 80 to Traefik. 0. I have a pretty basic Docker Swarm setup on two hosts, both with publicIPs 150. I also played around with forwardedHeaders where I set the internal IP's as trusted and or set Hi, I´m trying to set up that Traefik 1. 4) via headers without additional configuration: We let Traefik listen directly on the host ports 80+443 (but not How can i make the original client IP addresses available to my services? As a minimal setup example I use Traefik and PiHole. 1 Like. x. org to another private host (http://192. The only problem is that my backend always got the same IP address of the Ingress controller (?) and not the real IP address, of the callers. 12 is forwarding Headers X-Forwarded-For and X-Real-Ip with the origin Client IPs. 4 I get the real client ip in X-Forwarded-For if I use ipv4, but the IPv6Gateway fd30:1::1 on the proxy network, when I use IPv6. With the HTTP proxy the original user IP is passed (I believe in a X-Forwarded-For header or something along those lines) However for the TCP proxy there is no such option. X-Real-Ip: 192. However, my traefik is running as a docker container accessible on of the LAN IP of my server at an assigned port. Setup: R53 --> ALB --> (Traefik proxy --> applocation) ECS I Hi ! TL;DR - I wan’t to use the IPWhiteList middleware but Traefik (as a k8s ingress controller) can’t read the client source IP address. The container inside the Docker network only sees the gateway's IP. I've enabled the proxy protocol for the ELB but still am unable to log the client IP. 165. spec. 
) So the target service needs to read/use the IP address from the header, not from the TCP connection, which will always come from a Docker IP. No LoadBalancer Solution. version: "3" name: test services: the RemoteAddr IP belongs to traefik pod. I have tried: proxy protocol on entry point I currently got in touch with Traefik and using it as reverse proxy for my docker services. _] Externally, the DNS points attie. docker, tcp. The depth option tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). Can some one help me on that to enable it on Trafeik version 2. 2" The domain. As a background Info, I'm using Fail2Ban on gitlabs VM. Ask Question Asked 5 years, 7 months ago. 7: 5544: August 24, 2023 Serving private and public requests? Traefik v2. To access to kubernetes services I have deployed this: HAPROXY (external) --> Traefik Requests to your nginx app have the Traefik proxy IP as originating IP, as that's whats happening on the TCP/IP level. When using http/s, you can check the headers which include the original IP. Or, more generally, I can't see the ip of the actual client in any containers I'm hosting in my Docker Swarm/Traefik stack. I'm seeing something along these lines, all I get in the X-Forwarded-For is the actual K8S host INTERNET -> Cloudflare (DNS-Proxy) -> MY_FIREWALL -> Traefik -> Server (filters e. What's the best way to implement both TCP on docker, HTTP on kubernetes and Apache to register Tried all of them together and individually also but every time I add these configurations traefik stopped working without any useful logs. I would like to have traefik read this header and create a X-Real-Ip header with it's contents, but only if the source ip is a trusted/whitelisted one. 88. 1 (released July 2024). Modified 5 years, 7 months ago. Then kube-proxy will forward For incoming headers and ProxyProtocol, you need to set the trusted IPs. 10. 
To illustrate the issue, I use the following setup: client/browser => Azure AppGateway => K8S (Azure AKS) => Traefik service => whoami service Here are the headers that "whoami" service receives: Hostname: whoami-5dfdf459f4-z9hl7 IP: To proxy/forward requests to a different server, they can either be connected, like in a Docker Swarm. The only IP which I can see with Wireshar Okay, now I see where you're going with this. This setup works perfectly fine and the actual client IP's are always correctly forwarded to the downstream. traefik. below is the relevant sections of my configuration files. Setting up my services is quite simple: Docker in swarm mode A Manager node A Worker node Traefik 2 installed on the Manager node A Stack with Apache service running on the Worker node Everything works Hi, I´m trying to set up that Traefik 1. My IP setup is quite straight forward shown below: [Home computer] (46. 192. But X-Forwarded-For is not set with the public ip client. Hi, We used traefik (v2. 1 Even in x-forwarded-for header I'm getting the I’m trying to setup a local DNS server on pi-hole and point the local domains to the IP of Traefik. But I can't see the client real/public IP at access logs who access for my site. Now my accesslogs finally show the real client IP. Network flow will change to. . So far I was able to get most of the things up and running. g. 255. Traefik v3 (latest) docker, file. There are likely hundreds of thousands of open forward proxies on the I've been having problems with forwarding the real client IP to the Traefik pod. So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from Traefik is This can also be enabled between Traefik and target service. My setup is made of a home server using a docker compose file that contains a multitude of services, the following is an excerpt of it which is able to reproduce the problem. 
I have added our ELB private IP addresses to the trustedIPs setting for both forwardedHeaders and proxyProtocol on our Traefik endpoints, which works great for sites pointing directly at AWS ELB, but not for sites sitting behind Cloudflare. routes. Traefik Labs Community Forum X-Forwarded-For is not set with public ip client. docker. insecure" => same results - no "real visitors ips". depth¶. Traefik must then forward the request on to the old server using the Traefik will always place the originating IP in the headers when forwarding http/s requests (X-Real-Ip). 0/24 network is never recognized as coming from Response Forwarding¶ This section is about configuring how Traefik forwards the response from the backend server to the client. ipv6Subnet is provided and the selected IP is IPv6, the IP My traefik instance sits behind a vpn connection and is able to retrieve client IP's using proxy protocol. If you configure your services and load balancers to preserve the source IP, then traefik will forward it properly via the X-Real-IP header. ; Yes, I've searched similar issues on the Traefik community forum and didn't find any. It's deployed as a deployment with a nodeport service to expose it to external. the IP: 10. So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from Traefik is Looks like i figured it out: Traefik was using a bridged docker network which doesn't forward the client IP by default. Network in between is a Docker "driver: bridge" net. 9. Here’s my configuration. When running Traefik in containers, we use host mode for the required I'm having issues getting a x-forwarded-for IP address from Traefik. Forward Rela Traefik IP and Header Logs. Now, I need also to forward requests coming to foo. ; If ipStrategy. 
Traefik has a disablehttp2 option (doc), which is false by default, so it should be be able to Hello, I've seen several posts about broadcasting the real client ip, but I have a couple of questions that I haven't found answers to. With following configurations: docker-compose. I premise that using forwardedHeaders:insecure:true I can see the real ip in the traefik logs and also in the application, compared to proxyprotocol:insecure:true which shows me nothing Question 1: since traefik Hi there. For this reason, the following I'm running Traefik 1. The problem is with our k8s configuration, traefik isn't able to get client's real source ip address. IP forwarding doesn't seem to be working properly. Currently I get only an IP starting with 10. Example 1 has a traefik container that is acting as an HTTP reverse proxy that forwards requests to a whoami container. whole Russia based on the source IP) -> Docker Container ^^^This worked before (month ago). I wanted to capture the client IP on the application with traefik proxy. ; depth is ignored if its value is less than or equal to 0. localhost,test2. Since I'm behind a CGNat I'm Hi All, I'm trying to get our Traefik instance (hosted in Kubernetes) to log the client's real IP whilst behind Cloudflare and AWS ELB. Here is the link to the detailed configuration on the Kubernetes website: Using Source IP | Kubernetes Additionally, if you use external proxy in front of Traefik, than Traefik must also Hi, is it possible to forward the ip from a client to the k8s pods? Patching the k3s Traefik LoadBalancer service to use externalTrafficPolicy: Local as described in that documentation does not get the client IP to the service under any of the headers. my treafik docker look like traefik: After doing this, traefik will forward correct client IP. A year later, with traefik 2. I use traefik as a reverse reverse proxy for my Docker host. This has been going on for several months. 
Otherwise, So that means that I could set yet another header with The connection will always have the IP of Traefik, this is how TCP/IP works. Hope it helps anyone who is facing this issue in the future. externalTrafficPolicy to Local. Traefik v2. domain`) && !ClientIP("192. I'm wondering whether upgrading to traefik 2 will solve these issues, or maybe whether they can be solved under 1. In my setup I only get the IP of the docker_gwbridge. What I observed: Without adding any of these configurations if I hit the traefik IP directly by skipping the Loadbalancer I can see My IP (client-IP). So far everything works fine, except the fact that the client IP addresses aren't forwarded but only the internal docker IP from… Supports multiple providers Generic - uses X-Real-Ip and X-Forwarded-For headers to determine the real IP; Cloudflare - uses True-Client-IP and CF-Connecting-IP headers to determine the real IP; Qrator - uses X-Qrator-IP-Source header to determine the real IP; Allows to specify excluded networks and excluded addresses; You can specify which providers to use A TCP connection will always have the address of the last sender, that’s the way TCP/IP works. ; What did you do? have a look at The issue i currently face is that the ip is internal: 10. If you deploy Traefik on Kubernetes with service type Loadbalancer, the externalTrafficPolicy should be also updated. I can see in v1 where "useXForwardedFor" was an option for the entrypoints. Is it possible configure traefik somehow to keep the IP address of the real callers in tcp/ip packages, which go to my Is it possible to get the client IP from proxy protocol into Forwarded-Headers? Client (1. Cloudflare proxy includes a header named CF-Connecting-IP with the user's real ip. I always get entries like the following, where x. Traefik Labs Community Forum For plain TCP you can use ProxyProtocol with Traefik, for http you can use the X-Forward headers to get the IP. 
On 2021-06-28 morning, our production system get lots of source NATed client ips. I want to use the IP Whitelist feature to limit access to certain routers for local home-network traffic only while having public routes from the internal as well. Additionally, I want to set up a static proxy to an external server. 1 which I'm trying to get the real source ip in the pods that running into my kube cluster. The problem is that the X-Forwarded-For header does not contain the IP address of my client computer. When a request comes in, Traefik receives it, but the source IP Traefik sees is the IP address of the Docker network gateway, not your client's IP. 7: 5634: August 24, 2023 Serving private and public requests? Traefik v2. example. X-Real-Ip usually just has the first client IP (browser). Regular target services will accept X-Forwarded-* headers and work with those. 1) in a k8s cluster. Hi, I have installed traefik on k8s with this guide: All works fine. Unfortunately, the ClientAddr for local home-network traffic onto the 443/80 entryPoints on a 192. yml file- autoscaling: enabled: true maxReplicas: 5 minReplicas: 3 logs: # general: # level: INFO access: enabled: true format: json fields: headers: defaultMode: keep names: defaultMode: keep User-Agent: keep Autorization: keep Content I fixed it by setting externalTrafficPolicy: local on the traefik service (running in K3s) which preserves the client source IP. 3: 4059: April 24 Hello @DanW thanks for using Traefik and asking the question. Has anyone been able to solve this in anyway, and have traefik forward ip's to containers across nodes? Hello, I was wondering how to get the real IP of a client which is on the same network of the server on the headers X-Forwarded-For and X-Real-Ip. - match: 'Host(`test. 
R… Hello, I have a k3s cluster running with Traefik disabled and I installed it through the Improper parsing of the X-Forwarded-For header may have a negative security impact with consequences as described in the previous section. My setup is made of a home server using a docker compose file that cont ipStrategy. Disabling forwarding of X-Forwarded-For header? Traefik v1. Traefik ECS provider is not forwarding client IP with AWS ALB. it runs on k8s I added access logs and want to have a public client IP this is my value. but I cannot figure out how that translates to v2s model. 1 and 150. 3: 899: June 1, 2024 Only see docker IP in logs. 119) | | [Internet Hi there, I'm currently setting up a k8s cluster with traefik and the traefik kubernetes-crd for ingress. _] [backends. Note that you should not do a low-level fail2ban, as in blocking IPs on a TCP level. Thank you I'm trying to fix this issue for the past 2 days but I don't know how to resolve it. 1 deployed to GCP/in house kubernetes clusters. 46. I would recommend you to see the following docs: forwarded Headers EntryPoints - Traefik Then the real IP address should be available in the X-Forwarded header. When the Hello, I'm trying to get the real source ip in the pods that running into my kube cluster. I'm using the image: "traefik/whoami" to see this. I was using traefik version 1 and it was working fine for that but not on version 2. K8s is installed on a Debian host with kubeadm: kubead I currently got in touch with Traefik and using it as reverse proxy for my docker services. It is a duration in milliseconds Hello guys, I'm currently struggling to get the real clients IP address to end up in the gitlabs logs. projx December 24, 2021, 4:55pm 8. x for my docker container. If you are looking for the original external client IP of the request, then check the HTTP X-Forwarded-For or X-Real-IP header. 
3: Hi, I am also trying to preserve the http headers x-forwarded-* and x-real-ip to know the IP address of my visitors. Only partial client IPs I'm using traefik 1. kubernetes-ingress. So all i had to do to fix this was to add network_mode: host to the docker-compose. does it mean i need to make changes in the AWS-ALB ? It seems there's tons of posts about this problem, but somehow none of the mentioned solutions (or attempts at them) were helping me, so I'm hoping that with this thread maybe someone can tell me what my problem is (or at least where it lies) My Setup: I'm using Unraid for my Homeserver with Traefik as the Reverse Proxy. is the public IP address (WAN IP) of my own router. Seems that you should update the Kubernetes service by adding externalTrafficPolicy: local in order to preserve source IP addresses. On http level, you can just use the http headers. My few configuration Traefik was using a bridged docker network which doesn't forward the client IP by default. What is wrong here? Any help is really appreciated. 229 belongs to the whoami pod. bluepuma77 February 19, 2025, you can try a different approach. In I'm running Traefik 1. We deployed a container with whoami.