Confused - Understanding trusted_proxies

My setup mydomain --> cloudfare–> Traefik (reverse proxy)–> HomeAssitant
The combination of cloudflare (hiding my real IP) + Traefik for directing everything to secured network (http–> https) ,

first,do i really need to configure trusted_proxies?
What it actually does?
I guess I miss something very basic here .

I added the option to traefik to forward the headers for both

--entryPoints.web.forwardedHeaders.insecure
----entryPoints.websecure.forwardedHeaders.insecure

following some search i’ve done i came up for this configuration :

http:
  base_url: !secret base_url
#  ip_ban_enabled: true
#  login_attempts_threshold: 5
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.29.4.5 #traefik docker IP
    - 127.0.0.1  #not sure it required
    - 192.168.1.0/24 #router range

I create whoami docker for debug :
I see my actual IP + CF ip
X-Forwarded-For: xx.1xx.1x.xx0, 141.101.104.47

so i guess from traefik +CF setup - all ok
How can i confirm the proxy_setting are correct in HA?
What are the expected results if it configure correctly ?

1 Like

anybody?
would appreciate an explanation for trusted_proxy