时间戳

首页 > 解决方案 > Traefik 2 docker不显示客户端真实IP

docker - Traefik 2 docker不显示客户端真实IP

问题描述

我在 docker 中运行 traefik(在 Windows 主机上)。我遇到的问题是 X-Real-IP 标头 alawys 显示 docker 网络网关 ip 而不是真正的客户端 ip。我不确定我做错了什么,我知道主机网络模式下的 traefik 应该可以工作,但是它不会再找到它自己的 docker 服务。

这是我的码头工人撰写文件:

version: "3.7"

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik/traefik:latest
    container_name: traefik
    restart: unless-stopped
    # Enables the web UI and tells Traefik to listen to docker
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.https.address=:443
      - --api=true
      - --api.insecure=true
      - --api.dashboard=true
      - --log=true
      - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefiklog/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --providers.docker=true
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.xxx.com`)
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      - --providers.file.watch=true # Only works on top level files in the rules folder
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.254
    ports:
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    volumes:
      - C:\docker/traefik/rules:/rules 
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - C:\docker/traefik/logs:/traefiklog
      - C:\docker/shared:/shared
    labels:
      - "traefik.enable=true"

  whoami:
    image: "containous/whoami"
    container_name: "whoami"
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.200
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.xxx.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls=true"

我设置了网络:

docker network create --gateway 192.168.90.1 --subnet 192.168.90.0/24 t2_proxy

这是浏览器中 whoami webrequest 的输出:

Hostname: 8752e7b8a5d4
IP: 127.0.0.1
IP: 192.168.90.200
RemoteAddr: 192.168.90.254:36228
GET / HTTP/1.1
Host: whoami.xxx.com:433
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cache-Control: max-age=0
Dnt: 1
Te: trailers
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 192.168.90.1
X-Forwarded-Host: whoami.xxx.com:433
X-Forwarded-Port: 433
X-Forwarded-Proto: https
X-Forwarded-Server: 969f601c0c24
X-Real-Ip: 192.168.90.1

标签: dockertraefik

解决方案

本指南中似乎提供了解决方案:https ://dockerswarm.rocks/traefik/#getting-the-client-ip

如果您需要使用 Traefik 提供的X-Forwarded-FororX-Real-IP标头读取应用程序/堆栈中的客户端 IP,则需要让 Traefik 直接侦听,而不是通过 Docker Swarm 模式,即使在使用 Docker Swarm 模式部署时也是如此。

ports:
  - target: 80
    published: 80
    mode: host
  - target: 443
    published: 443
    mode: host

推荐阅读