What did you do?
I have infra like this:
CDN -> AWS NLB (listen on 443 and do TLS termination) -> Traefik
Proxy proto v2 enabled in target group and traefik.
Traefik deployed in AWS EKS using VPC cni plugin, so IPs of traefik pods are VPC IPs, and these IPs will be registered into target group directly by AWS load balancer controller.
I have a service whoami behind traefik, when requesting this domain, I got:
RemoteAddr: 10.120.28.211:59468
X-Forwarded-For: 123.123.123.123 < this is cdn node IP, not my internet outbound IP
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Real-Ip: 123.123.123.123 < this is cdn node IP, not my internet outbound IP
What did you see instead?
I see only CDN node IP in X-Forwarded-For: 123.123.123.123.
I updated my access log configuration to keep the X-Forwarded-For field. I see no such field when receiving requests. I already added 10.120.0.0/16, which is my VPC CIDR, in trustedIPs; should it be enough?
I would expect:
X-Forwarded-For: 111.111.111.111, 123.123.123.123 < suppose 111.111.111.111 is my real client ip
X-Real-Ip: 111.111.111.111
And it seems like X-Forwarded-Port and X-Forwarded-Proto are also not correct (separate issue maybe).
I mark this issue as a duplicate of #9757.
Even if the other issue describes an issue with other headers, in our opinion, the fix required will solve the issue for all the headers.
What version of Traefik are you using?
v2.9.10
What is your environment & configuration?
If applicable, please paste the log output in DEBUG level
No response
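For checking what a load balancer actually hands to the proxy in a setup like the one reported above, here is a small PROXY protocol v2 header parser (an added example, not code from the issue or from Traefik). The header carries the address of whatever opened the TCP connection to the load balancer. The sample stream is constructed: the source address is the CDN node IP quoted in the report, while the NLB address, ports and host name are assumptions.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte v2 preamble
ADDR_LEN = {1: 4, 2: 16}                    # AF_INET, AF_INET6

def parse_proxy_v2(data: bytes) -> dict:
    """Parse a PROXY protocol v2 header at the start of a TCP stream."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("no PROXY protocol v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    version, command = ver_cmd >> 4, ver_cmd & 0x0F
    if version != 2 or command not in (0, 1):
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body = data[16:16 + length]
    info = {"command": "PROXY" if command else "LOCAL",
            "src": None, "dst": None, "payload_offset": 16 + length}
    n = ADDR_LEN.get(fam_proto >> 4)
    if command == 0 or n is None:
        return info  # LOCAL (health check) or AF_UNSPEC/AF_UNIX: no IP pair
    if len(body) < 2 * n + 4:
        raise ValueError("address block shorter than its family requires")
    sport, dport = struct.unpack("!HH", body[2 * n:2 * n + 4])
    info["src"] = (str(ipaddress.ip_address(body[:n])), sport)
    info["dst"] = (str(ipaddress.ip_address(body[n:2 * n])), dport)
    return info  # bytes after the address block are TLVs, skipped via length

def build_sample() -> bytes:
    """Constructed stream: PPv2 header as an NLB would prepend it, then HTTP."""
    addrs = (ipaddress.ip_address("123.123.123.123").packed  # CDN node (page)
             + ipaddress.ip_address("10.120.0.10").packed    # assumed NLB address
             + struct.pack("!HH", 40000, 443))               # assumed ports
    header = PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs
    return header + b"GET / HTTP/1.1\r\nHost: whoami.example\r\n\r\n"

if __name__ == "__main__":
    stream = build_sample()
    info = parse_proxy_v2(stream)
    print(info["command"], info["src"], "->", info["dst"])
    print(stream[info["payload_offset"]:].split(b"\r\n")[0].decode())
```

The `payload_offset` field marks where the proxied application bytes begin, so the HTTP request and any X-Forwarded-For header sent by the upstream hop can be inspected separately from the transport-level source address.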