我将traefik用作Docker主机的反向反向代理。另外,我想设置一个到外部服务器的静态代理。这是我当前的配置:
defaultEntryPoints = ["http", "https"]
debug = false
logLevel = "ERROR"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[api]
[docker]
domain = "myhost.com"
watch = true
exposedByDefault = false
[file]
[backends]
[backends.otherhost]
[backends.otherhost.servers]
[backends.otherhost.servers.server0]
url = "http://otherhost.com"
[frontends]
[frontends.otherhost]
entryPoints = ["http", "https"]
backend = "otherhost"
[frontends.otherhost.routes]
[frontends.otherhost.routes.route0]
rule = "Host:subdomain.myhost.com"
[frontends.otherhost.headers.customRequestHeaders]
X-Forwarded-For = "foo"
X-Real-Ip = "foo"
将标题设置为空字符串没有任何作用。使用这些设置,X-Real-Ip是foo,但是X-Forwarded-For变成foo, <my real IP>。我可以防止traefik将客户端IP泄漏到外部后端,同时仍将其保留在Docker环境中吗?
答案 0 :(得分:1)
如何使用中间件覆盖X-Forwarded-For标头。找到文档here。
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Forwarded-For = "foo"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Forwarded-For = "foo"
然后您可以将特定的中间件应用于路由器,如下所示:
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["testHeader"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Forwarded-For = "foo"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Forwarded-For = "foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
参考文献: