From 44a8560f5a3d4764b11ab0b71f9e777b51fcf455 Mon Sep 17 00:00:00 2001 From: Gbanyan Date: Mon, 21 Apr 2025 18:59:59 +0800 Subject: [PATCH] Fix Cloudflare Trusted IP settings --- README.md | 2 ++ dynamic.yml | 2 +- traefik.yml | 31 +++---------------------------- 3 files changed, 6 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index f1a3a78..45d3049 100644 --- a/README.md +++ b/README.md @@ -90,5 +90,7 @@ PS: Because I access my traefik dashboard through my local network. I commented 2. ChangeLog: +- 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision. +- 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it. - 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main) - 2025.4.18 Temp disable the compression middleware. It has MIME type bugs. \ No newline at end of file diff --git a/dynamic.yml b/dynamic.yml index 0cf4888..47ddc8c 100644 --- a/dynamic.yml +++ b/dynamic.yml @@ -51,4 +51,4 @@ http: netdata: loadBalancer: servers: - - url: "http://127.0.0.1:19999" + - url: "http://127.0.0.1:19999" \ No newline at end of file diff --git a/traefik.yml b/traefik.yml index 2a71efe..c3581ee 100644 --- a/traefik.yml +++ b/traefik.yml 
@@ -18,31 +18,7 @@ entryPoints:
 web:
 address: "10.0.0.225:80"
 forwardedHeaders:
- trustedIPs: &trustedIps
- # Start of Cloudlare's public IP list
- - 103.21.244.0/22
- - 103.22.200.0/22
- - 103.31.4.0/22
- - 104.16.0.0/13
- - 104.24.0.0/14
- - 108.162.192.0/18
- - 131.0.72.0/22
- - 141.101.64.0/18
- - 162.158.0.0/15
- - 172.64.0.0/13
- - 173.245.48.0/20
- - 188.114.96.0/20
- - 190.93.240.0/20
- - 197.234.240.0/22
- - 198.41.128.0/17
- - 2400:cb00::/32
- - 2606:4700::/32
- - 2803:f800::/32
- - 2405:b500::/32
- - 2405:8100::/32
- - 2a06:98c0::/29
- - 2c0f:f248::/32
- # End of Cloudlare's public IP list
+ insecure: true #traefik-plugin-cloudflare already handle the real-ip from cloudflare to X-Forwarded-For
 http:
 redirections: # HTTPS redirection (80 to 443)
 entryPoint:
@@ -51,8 +27,7 @@ entryPoints:
 websecure:
 address: "10.0.0.225:443"
 forwardedHeaders:
- # Reuse the list of Cloudflare's public IPs from above
- trustedIPs: *trustedIps
+ insecure: true
 http3: {}
 internal_web:
 address: "192.168.50.4:80"
@@ -76,7 +51,7 @@ global:
 providers:
 docker:
 exposedByDefault: false
-# network: traefik_default # Ensure this matches the Docker network
+ # defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
 file:
 filename: "/dynamic.yml" # Enable dynamic configuration file
 certificatesResolvers:
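Review bot: `insecure: true` under `forwardedHeaders` makes the `web` entry point accept X-Forwarded-* headers from any peer, so a client that reaches 10.0.0.225 without going through Cloudflare can set its own X-Forwarded-For; the second hunk adds the same setting to `websecure`. The inline comment relies on traefik-plugin-cloudflare, but nothing visible here shows that plugin attached to every router on these entry points, or the origin restricted to Cloudflare's ranges. I would restore the removed `trustedIPs` list so the trust boundary stays at the entry point, or, if the plugin really needs the unfiltered headers, keep the setting and state the dependency next to it: `insecure: true  # trusts X-Forwarded-* from any source; origin firewall must admit Cloudflare ranges only`. The `entryPoints` mapping starts above the hunk, so the remaining entry points and the router definitions were not reviewed.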