beatzaplenty/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #20 from beatz174-bit/codex/update-traefik-configuration-for-trusted-proxies

Browse Source 
Restrict Traefik forwarded headers to trusted IPs, enable Authelia trustForwardHeader, and add traefik network subnet
This commit is contained in:
beatz174-bit
2026-04-13 10:16:25 +10:00
committed by GitHub
parent cfbefed2e3 8448f2bb94
commit 47a5908430
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/traefik/traefik.yml
+15 -2
View File
@@ -24,7 +24,16 @@ entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
# Trust forwarding headers only from upstream proxies/LBs under our control.
# Network assumptions for this stack:
# - 127.0.0.1/32: local host-side reverse-proxy hops
# - 192.168.2.0/24: LAN edge proxies
# - 172.21.0.0/16: pinned Docker subnet for the traefik bridge network
insecure: false
trustedIPs:
- "127.0.0.1/32"
- "192.168.2.0/24"
- "172.21.0.0/16"
http:
redirections:
entryPoint:
@@ -34,7 +43,11 @@ entryPoints:
websecure:
address: ":443"
forwardedHeaders:
insecure: true
insecure: false
trustedIPs:
- "127.0.0.1/32"
- "192.168.2.0/24"
- "172.21.0.0/16"
http:
middlewares:
- default-chain@file