2

I'm using traefik in docker-mode. It's retrieving most config (acme.domains, enabled, frontend-rules,...) from the docker containers.

Currently all containers are reachable from the WWW (0.0.0.0). I'm wondering how to restrict the access to a single container to some dedicated ip-addresses.

The docker labels of the private web-service would look like:

labels:
  - "traefik.enable=true"
  - "traefik.backend='private container'"
  - "traefik.whitelistSourceRange=192.168.1.0/24"

The whitelisted ip is in this case of course just an example. This could be any private ip-subnet.

Maybe it's possible to set a frontend-rule which bases on "client.ip"?

Thanks for your help!

4

0 回答 0