I've been working to setup Deis on Azure and have been having some issues when it comes to getting the whitelist configurations working. I have tried using a variety of configurations over the last two weeks and continually come up against the same barriers.
The problem is that when I use Azure Load Balancer, the client servers end up seeing traffic as coming from either the private IP of the Load Balancer or the Docker container. When I manually pass in an 'X-Forwarded-For' header, I end up with the correct functionality.
I have tried using the Application Gateways, but given that I need to blacklist/whitelist TCP port activity I ended up running in to problems (i.e., the probes think there's a failure because they don't get a valid HTTP response).
Is there any configuration I can make/set that will ensure that the load balancers maintain the source IP information for all requests (i.e., whether adding an "X-Forwarded-For" header or prepending "PROXY TCP ..." to the request)?