时间戳

首页 > 解决方案 > 防止traefik转发客户端IP

traefik - 防止traefik转发客户端IP

问题描述

我使用 traefik 作为我的 Docker 主机的反向代理。此外,我想为外部服务器设置一个静态代理。这是我目前的配置:

defaultEntryPoints = ["http", "https"]

debug = false
logLevel = "ERROR"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  compress = true
  [entryPoints.https.tls]

[api]

[docker]
domain = "myhost.com"
watch = true
exposedByDefault = false

[file]

[backends]

  [backends.otherhost]
    [backends.otherhost.servers]
      [backends.otherhost.servers.server0]
        url = "http://otherhost.com"

[frontends]

  [frontends.otherhost]
    entryPoints = ["http", "https"]
    backend = "otherhost"
    [frontends.otherhost.routes]
      [frontends.otherhost.routes.route0]
        rule = "Host:subdomain.myhost.com"
    [frontends.otherhost.headers.customRequestHeaders]
      X-Forwarded-For = "foo"
      X-Real-Ip = "foo"

将标题设置为空字符串什么也没做。有了这些设置,只是X-Real-Ip变成了. 我可以防止 traefik 将客户端 IP 泄漏到外部后端,同时仍将其保留在我的 Docker 环境中吗?fooX-Forwarded-Forfoo, <my real IP>

标签: traefik

解决方案

Traefik 2.x

使用中间件覆盖标头怎么样X-Forwarded-For在此处找到的文档。

[http.middlewares]
  [http.middlewares.testHeader.headers]
    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Forwarded-For = "foo"
    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Forwarded-For = "foo"

然后,您可以将特定的中间件应用于您的路由器,如下所示:

[http.routers]
  [http.routers.router1]
    service = "myService"
    middlewares = ["testHeader"]
    rule = "Host(`example.com`)"

[http.middlewares]
  [http.middlewares.testHeader.headers]
    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Forwarded-For = "foo"
    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Forwarded-For = "foo"

[http.services]
  [http.services.service1]
    [http.services.service1.loadBalancer]

      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:80"

参考:

推荐阅读