soulbalz / traefik-real-ip

When traefik is deployed behind a load balancer, it should get the real IP from the X-Forwarded-For or Cf-Connecting-Ip (if from Cloudflare) header.
MIT License
37 stars 27 forks

IP Returned Incorrectly #5

Open droans opened 3 years ago

droans commented 3 years ago

Plugin returns IP as ", 123.123.123.123" instead of just "123.123.123.123"

Configuration:

Docker

traefik:
  container_name: traefik
  image: traefik:brie
  restart: unless-stopped
  command:
     - --experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip
     - --experimental.plugins.traefik-real-ip.version=v1.0.3

middlewares.toml:

[http.middlewares.my-traefik-real-ip]
  [http.middlewares.my-traefik-real-ip.plugin]
    [http.middlewares.my-traefik-real-ip.plugin.traefik-real-ip]
      excludednets = ["192.168.86.0/24", "10.10.0.0/16","172.0.0.0/8"]

Test:

Home Assistant: Invalid IP address in X-Forwarded For: , 192.168.XX.XX

Whats My IP Container result: , 192.168.XX.XX

Same issue with setting excludednets equal to 0.0.0.0/32, 0.0.0.0/0, or any of the individual options above. Seems to work fine for any external IP addresses, just internal causes issues.

yfhyou commented 2 years ago

As it shows in the description, this plugin writes the X-Real-Ip header, not the 'x-forwarded-for' header. You should check the x-real-ip result instead when using this plugin.

This plugin solves this issue by overwriting the X-Real-Ip with an IP from the X-Forwarded-For or Cf-Connecting-Ip (if from Cloudflare) header.

droans commented 2 years ago

> As it shows in the description, this plugin writes the X-Real-Ip header, not the 'x-forwarded-for' header. You should check the x-real-ip result instead when using this plugin.
>
> This plugin solves this issue by overwriting the X-Real-Ip with an IP from the X-Forwarded-For or Cf-Connecting-Ip (if from Cloudflare) header.

https://github.com/soulbalz/traefik-real-ip/blob/4ba5e8695b363b7601ab5162a8c4b3899c601504/real_ip.go#L70

The plugin also sets the X-Forwarded-For based on the Cf-Connecting-Ip if X-Real-IP can't be pulled from X-Forwarded-For.

yfhyou commented 2 years ago

I see what you mean. I set up a test that didn't include cf-connection-ip and I get a similar result , 1.2.3.4

simon-sudo commented 2 years ago

Same here, I used another plugin and it worked well.

https://github.com/Paxxs/traefik-get-real-ip

bverwijst commented 2 years ago

@simon-sudo mind if I ask you how you configured Cloudflare? I'm struggling with configuring the rule expression in the Cloudflare rule to rewrite the header. I have the same issue with just Home Assistant, I'm having the same result with the extra , like the results above.

simon-sudo commented 2 years ago

@bverwijst

add this plugin to the configuration file:

experimental:
  plugins:
    real-ip:
      moduleName: github.com/Paxxs/traefik-get-real-ip
      version: [Please fill the latest version !]

set two values like this:

http:
  middlewares:
    real-ip-foo:
      plugin:
        real-ip:
          Proxy:
            - proxyHeadername: X-From-Cdn
              proxyHeadervalue: cf-my
              realIP: Cf-Connecting-Ip
              OverwriteXFF: true
            - proxyHeadername: "*"
              realIP: RemoteAddr

Reference : https://github.com/Paxxs/traefik-get-real-ip#cdn-configuration

bverwijst commented 2 years ago

@simon-sudo Brilliant, the expression was all I wanted to know, the rest I had correct. Much much appreciated, working like a charm now!

joggs commented 2 years ago

> Plugin returns IP as ", 123.123.123.123" instead of just "123.123.123.123"
>
> Configuration:
>
> Docker
>
> traefik:
>   container_name: traefik
>   image: traefik:brie
>   restart: unless-stopped
>   command:
>      - --experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip
>      - --experimental.plugins.traefik-real-ip.version=v1.0.3
>
> middlewares.toml:
>
> [http.middlewares.my-traefik-real-ip]
>   [http.middlewares.my-traefik-real-ip.plugin]
>     [http.middlewares.my-traefik-real-ip.plugin.traefik-real-ip]
>       excludednets = ["192.168.86.0/24", "10.10.0.0/16","172.0.0.0/8"]
>
> Test:
>
> Home Assistant: Invalid IP address in X-Forwarded For: , 192.168.XX.XX
>
> Whats My IP Container result: , 192.168.XX.XX
>
> Same issue with setting excludednets equal to 0.0.0.0/32, 0.0.0.0/0, or any of the individual options above. Seems to work fine for any external IP addresses, just internal causes issues.

Can confirm. Noticed that I could not access home assistant from lan after enabling this plugin. The error log displays "Invalid IP address in X-Forwarded-For: , 192.168.0.58"

gionag commented 2 years ago

Same for me. When used from the internal site it fails exactly as @youngt2 and @droans
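
The symptom reported in this thread, reproduced and guarded against in Go as an added example (not code from the plugin or from any commenter). `naiveChain`, `excluded` and `safeRewrite` are hypothetical names, the addresses are constructed, and the model of a proxy appending its peer address to an existing X-Forwarded-For value is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// naiveChain is a constructed pattern (not the plugin's code): X-Forwarded-For is set
// from a possibly empty Cf-Connecting-Ip, then the proxy appends its peer address.
func naiveChain(h http.Header, peer string) string {
	h.Set("X-Forwarded-For", h.Get("Cf-Connecting-Ip"))
	return strings.Join(h.Values("X-Forwarded-For"), ", ") + ", " + peer // "" counts as a prior value
}

// excluded reports whether ip is inside any CIDR of an excludednets-style list.
func excluded(ip net.IP, cidrs []string) bool {
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// safeRewrite sets X-Real-Ip from the right-most X-Forwarded-For entry that parses
// as an IP outside the excluded networks, else from a valid Cf-Connecting-Ip (only
// meaningful when the peer is Cloudflare). With no candidate it changes nothing.
func safeRewrite(h http.Header, cidrs []string) bool {
	parts := strings.Split(h.Get("X-Forwarded-For"), ",")
	for i := len(parts) - 1; i >= 0; i-- {
		if ip := net.ParseIP(strings.TrimSpace(parts[i])); ip != nil && !excluded(ip, cidrs) {
			h.Set("X-Real-Ip", ip.String())
			return true
		}
	}
	if ip := net.ParseIP(strings.TrimSpace(h.Get("Cf-Connecting-Ip"))); ip != nil {
		h.Set("X-Real-Ip", ip.String())
		return true
	}
	return false
}

func main() {
	lan := []string{"192.168.86.0/24", "10.10.0.0/16"} // constructed sample values
	h := http.Header{"X-Forwarded-For": {"192.168.86.20"}}
	fmt.Printf("%v %q\n", safeRewrite(h, lan), naiveChain(h, "192.168.86.20"))
}
```

Backends that validate X-Forwarded-For strictly reject the empty leading element, so a rewrite step should write a header only after the value has parsed as an IP.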