I'm running two separate Docker stacks on my VPS: one for Traefik and another for WordPress. I want to keep Traefik independent so I can add more services later. However, I'm facing an issue where my WordPress stack isn't receiving the actual IP addresses of my site visitors. Instead, it's just showing the router IP from the Traefik service (172.18.0.1). This is messing with my security plugins. How can I configure Traefik to pass the real IP addresses of users to my WordPress stack?
4 Answers
You should use the X-Forwarded-For (XFF) header. Traefik sets this header by default with the real IP. Just make sure your WordPress stack is configured to trust that header. This usually means checking a box to indicate it's behind a proxy or configuring subnet settings depending on what you're using.
To pass the correct visitor IPs, you need to configure your reverse proxy settings to forward the right headers. This isn't strictly a Docker issue. Check the Traefik documentation for any specific settings that might help.
Based on my testing, it seems that having a rootless Docker setup brings some complications regarding IP forwarding. I switched to rootful Docker, but it's not without its complexities.
What kind of complexities are you referring to with rootful Docker? I thought it would be simpler than rootless?
If you're using Docker Swarm mode, there’s a known issue where Docker doesn’t pass the correct IPs. You might have to set the XFF on an external host to get it working properly. It's a bit frustrating!
I thought this was more about how Traefik is configured rather than Docker itself?
How do I actually capture that header? Is this something I handle in Traefik or WordPress?