Fix Cloudflare Trusted IP settings

README Changelog Update
2025-04-21 18:59:59 +08:00 · 2025-04-19 01:20:50 +08:00
3 changed files with 18 additions and 30 deletions
--- a/README.md
+++ b/README.md
@ -80,4 +80,17 @@ labels:
 I mount the access.log for crowdsec firewall to read. 
-PS: Because I access my traefik dashboard through my local network. I commented out the authetication method for dashboard. 
+PS: Because I access my traefik dashboard through my local network. I commented out the authetication method for dashboard. 
 ## Discussion and Changelog
 1. Traefik vs Nginx
 - Performance: Nginx is still better at high traffic. After all it is written in C. Traefik 3 though claims it has higher 20% performance than before. The latency still showed a little higher than nginx. 
 - Docker Deployment Ease: Traefik is easier for docker service deployment. In my environment, I can assign each docker stack with labels and then guides the traefik to add Let's encrypt SSL. 
 2. ChangeLog: 
 - 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.  
 - 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it. 
 - 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
 - 2025.4.18 Temp disable the compression middleware. It has MIME type bugs. 
--- a/dynamic.yml
+++ b/dynamic.yml
@ -51,4 +51,4 @@ http:
    netdata:
      loadBalancer:
        servers:
-          - url: "http://127.0.0.1:19999"
+          - url: "http://127.0.0.1:19999"
--- a/traefik.yml
+++ b/traefik.yml
@ -18,31 +18,7 @@ entryPoints:
  web:
   address: "10.0.0.225:80"
   forwardedHeaders:
-      trustedIPs: &trustedIps
+      insecure: true #traefik-plugin-cloudflare already handle the real-ip from cloudflare to X-Forwarded-For
        # Start of Cloudlare's public IP list
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 108.162.192.0/18
        - 131.0.72.0/22
        - 141.101.64.0/18
        - 162.158.0.0/15
        - 172.64.0.0/13
        - 173.245.48.0/20
        - 188.114.96.0/20
        - 190.93.240.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudlare's public IP list
   http:
      redirections:                           # HTTPS redirection (80 to 443)
        entryPoint:
@ -51,8 +27,7 @@ entryPoints:
  websecure:
    address: "10.0.0.225:443"
    forwardedHeaders:
-      # Reuse the list of Cloudflare's public IPs from above
+      insecure: true
      trustedIPs: *trustedIps
    http3: {}
  internal_web:
    address: "192.168.50.4:80"
@ -76,7 +51,7 @@ global:
 providers:
  docker:
    exposedByDefault: false
-#    network: traefik_default  # Ensure this matches the Docker network
+    # defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
  file:
    filename: "/dynamic.yml"  # Enable dynamic configuration file
 certificatesResolvers:
Author	SHA1	Message	Date
Gbanyan	44a8560f5a	Fix Cloudflare Trusted IP settings	2025-04-21 18:59:59 +08:00
Gbanyan	0826bb4502	README Changelog Update	2025-04-19 01:20:50 +08:00