Document the insecure headers in traefik proxy configuration

[unsync]

Hi !
I've lost a ridiculous amount of time configuring some services because of a simple configuration trick.

I'm using domains managed by cloudflare (proxied to benefit from CF features), as a result the ssl certificates are provided by cloudflare.

I went through hoops and loops for some services with redirection loops and things like that.

My recent solution was to setup the FQDNs of services with the http protocol, which worked but then my services were (for some) using this FQDN in their config, responding with the http protocol when it should have been https for the service to work properly.

Long story short, the default traefik configuration do not pass the forwarded headers by default :

https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers

That is opinionated, but that's not the question here ^^

So, in my case i just had to set this in my server proxy configuration:

- '--entryPoints.http.forwardedHeaders.insecure'

And now i can setup https FQDNs on my services without redirection loops, all my apps are aware of their https urls, everything works fine 🚀

The request

Could you, in the place you deem fit in the documentation, add information about this setting ?
Even with a warning about it being insecure, but to at least save the hassle of finding this out by ourselves ?

I think the cloudflare domains + coolify setup might be a pretty common one :)

[jonathan-reisdorf]

The same trick works well when using Traefik behind another proxy, e.g. a Hetzner Load Balancer. In that case, the load balancer may even have an internal network IP address, so instead of using insecure, trustedIPs can be used. E.g. if your load balancer is on 10.1.0.10, the argument would be

      - '--entrypoints.http.forwardedheaders.trustedips=10.1.0.10'

If you don't do TLS termination but TLS passthrough, also add

      - '--entrypoints.https.forwardedheaders.trustedips=10.1.0.10'