1. The problem I’m having:
I have Caddy set up with a block to show a maintenance page when coming from any IP other than our public IP. It works fine when the Cloudflare proxy is not enabled. Once Cloudflare is enabled it doesn’t work, even though all configurations look right.
Forgot to mention, it always shows the maintenance page, i.e. index.html from /home/ubuntu/maintenance.
The idea is that during maintenance we want to show the maintenance page to everyone, but we should be able to access and test it internally.
Maybe we’re configuring something wrong. We know that when coming through Cloudflare the public IPs will be coming differently, so we tried to add the headers as you see in the file using CF-Connecting-IP, but still no luck.
Also tried removing forwarded next to remote_ip.
Any help would be appreciated, thanks in advance.
2. Error messages and/or full log output:
No errors, just not showing the right content.
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
Built using xcaddy with the following plugins:
xcaddy build --with github.com/techknowlogick/certmagic-s3 --with github.com/caddy-dns/cloudflare --with github.com/caddy-dns/powerdns --with github.com/WeidiDeng/caddy-cloudflare-ip
a. System environment:
Ubuntu 20.04
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
No docker, running directly
d. My complete Caddy config:
{
    debug
    log {
        format console
        output file /var/log/caddy/caddy.log {
            roll_size 10mb
            roll_keep 20
            roll_keep_for 720h
        }
    }
    on_demand_tls {
        ask http://127.0.0.1:8080/authorize
        interval 2m
        burst 5
    }
    servers {
        trusted_proxies cloudflare
    }
}

example.org, www.example.org {
    tls admin@example.org {
        dns cloudflare {env.CLOUDFLARE_AUTH_TOKEN}
    }
    header X-Forwarded-For {http.request.header.CF-Connecting-IP}
    header X-Real-IP {http.request.header.CF-Connecting-IP}
    @www header_regexp www Host ^www\.(.*)$
    redir @www https://{re.www.1} permanent
    @maintenance {
        path /*
        not remote_ip forwarded 1.2.3.4
    }
    handle @maintenance {
        file_server {
            root /home/ubuntu/maintenance
        }
    }
    reverse_proxy :8080 {
        # this works
    }
}
5. Links to relevant resources:
Tried with these lines commented out:
header X-Forwarded-For {http.request.header.CF-Connecting-IP}
header X-Real-IP {http.request.header.CF-Connecting-IP}
Note: 1.2.3.4 replaced with our exact public IP address
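
The routing decision described in this post, as an added example that is not part of the original post and is not Caddy's own code: a Python model that authorizes on the CF-Connecting-IP value only when the TCP peer is a trusted proxy, and otherwise on the peer address itself. The function names are hypothetical, the two proxy ranges are a sample standing in for the proxy's full published list, 1.2.3.4 is the post's placeholder, and the other addresses are constructed.

```python
import ipaddress

# Sample subset standing in for the proxy's published ranges (assumption:
# a real deployment loads the full list from the provider).
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("173.245.48.0/20", "2400:cb00::/32")]
# The post's placeholder for the office public IP.
ALLOWED_CLIENTS = [ipaddress.ip_network("1.2.3.4/32")]


def _in_any(addr, networks):
    # An IPv4 address never matches an IPv6 network, and vice versa.
    return any(addr.version == net.version and addr in net for net in networks)


def resolve_client_ip(peer, headers):
    """Return the address to authorize against the allowlist."""
    peer_addr = ipaddress.ip_address(peer)
    if not _in_any(peer_addr, TRUSTED_PROXIES):
        # Direct or unknown peer: headers are client-controlled, ignore them.
        return peer_addr
    # Header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "cf-connecting-ip"), None)
    if value is None:
        return peer_addr
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        # Malformed header: fall back to the proxy address, which is not allowlisted.
        return peer_addr


def route(peer, headers):
    """Return 'backend' for allowlisted clients, 'maintenance' for everyone else."""
    client = resolve_client_ip(peer, headers)
    return "backend" if _in_any(client, ALLOWED_CLIENTS) else "maintenance"
```
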