Forwarding client IP from HAProxy in pfSense to Traefik
-
I have multiple devices on my network that I am wanting to proxy, so I am creating a setup very similar to the one found in Re: [SOLVED] HaProxy forward client IP so I can set pfSense to apply it's ssl certificate. I have my DNS for my domains set within the pfSense DNS resolver to point towards 192.168.1.1, and then use HAProxy to forward the traffic from the internet and local area network to the appropriate device via two separate frontends. However, I am having issues with Traefik on one of my servers. While the other devices (A Synology NAS and a Raspberry Pi running Home Assistant OS) have accepted 192.168.1.1 as a trusted proxy across both frontends after configuring them, the one with Traefik doesn't seem to be accepting it as a proxy and the logs of my other services running through Traefik continue to show 192.168.1.1 as the client IP in their logs.
I currently have the following set for entrypoints in Traefik (I haven't gotten around to rewriting all my config files to exclude websecure yet so it's mostly not doing anything since it's being overwritten by HAproxy passthrough)
entryPoints: web: address: :80 forwardedHeaders: trustedIPs: - "192.168.1.0/24" http: redirections: entryPoint: to: websecure scheme: https websecure: address: :443 forwardedHeaders: trustedIPs: - "192.168.1.0/24"Basically, how can I make it so that the Traefik proxy forwards the actual IP Addresses instead of just 192.168.1.1?
I know there's a way that you can retrieve the generated HAProxy config by pfSense but I'm not quite sure of where it is.
-
@s0ulf3re said in Forwarding client IP from HAProxy in pfSense to Traefik:
Basically, how can I make it so that the Traefik proxy forwards the actual IP Addresses instead of just 192.168.1.1?
At the bottom of the backend settings there is an option "transparent mode", which does this.
However, I don't recommend this. I'd rather go with "forwarded-for" header. III think, also Traefik should be able to handle this.