Add trusted whitelist proxy protocol

2017-10-10 14:50:03 +02:00 · 2017-10-10 14:50:03 +02:00 · 6287a3dd53
commit 6287a3dd53
parent 93a1db77c5
9 changed files with 249 additions and 143 deletions
--- a/docs/configuration/entrypoints.md
+++ b/docs/configuration/entrypoints.md
@ -185,16 +185,20 @@ To enable IP whitelisting at the entrypoint level.
 [entryPoints]
  [entryPoints.http]
  address = ":80"
-  whiteListSourceRange = ["127.0.0.1/32"]
+  whiteListSourceRange = ["127.0.0.1/32", "192.168.1.7"]
 ```

 ## ProxyProtocol Support

 To enable [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) support.
+Only IPs in `trustedIPs` will lead to remote client address replacement: you should declare your load-balancer IP or CIDR range here.
+

 ```toml
 [entryPoints]
  [entryPoints.http]
  address = ":80"
-  proxyprotocol = true
+  [entryPoints.http.proxyProtocol]
+    trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```
+²