Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Forwarding client IP from HAProxy in pfSense to Traefik

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 2 Posters 418 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      s0ulf3re
      last edited by s0ulf3re

      I have multiple devices on my network that I am wanting to proxy, so I am creating a setup very similar to the one found in Re: [SOLVED] HaProxy forward client IP so I can set pfSense to apply it's ssl certificate. I have my DNS for my domains set within the pfSense DNS resolver to point towards 192.168.1.1, and then use HAProxy to forward the traffic from the internet and local area network to the appropriate device via two separate frontends. However, I am having issues with Traefik on one of my servers. While the other devices (A Synology NAS and a Raspberry Pi running Home Assistant OS) have accepted 192.168.1.1 as a trusted proxy across both frontends after configuring them, the one with Traefik doesn't seem to be accepting it as a proxy and the logs of my other services running through Traefik continue to show 192.168.1.1 as the client IP in their logs.

      I currently have the following set for entrypoints in Traefik (I haven't gotten around to rewriting all my config files to exclude websecure yet so it's mostly not doing anything since it's being overwritten by HAproxy passthrough)

      entryPoints:
        web:
          address: :80
          forwardedHeaders:
            trustedIPs:
              - "192.168.1.0/24"
          http:
            redirections:
              entryPoint:
                to: websecure
                scheme: https
        websecure:
          address: :443
          forwardedHeaders:
            trustedIPs:
              - "192.168.1.0/24"
      

      Basically, how can I make it so that the Traefik proxy forwards the actual IP Addresses instead of just 192.168.1.1?

      I know there's a way that you can retrieve the generated HAProxy config by pfSense but I'm not quite sure of where it is.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @s0ulf3re
        last edited by

        @s0ulf3re said in Forwarding client IP from HAProxy in pfSense to Traefik:

        Basically, how can I make it so that the Traefik proxy forwards the actual IP Addresses instead of just 192.168.1.1?

        At the bottom of the backend settings there is an option "transparent mode", which does this.

        However, I don't recommend this. I'd rather go with "forwarded-for" header. III think, also Traefik should be able to handle this.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.