Caddy expose remote client

1. The problem I’m having:

I set caddy to expose my sonarr service on mydomain.com/sonarr/ which works, but I noticed that sonarr treats this connection as a “local address” which logins are bypassed for. Since I want to attempt to keep local addresses from needing to login, this is undesirable. Is there a way to treat my client requests as local only when actually on my local network?

2. Error messages and/or full log output:

No errors

3. Caddy version: 2.9.1

4. How I installed and ran Caddy:

Using docker compose

name: compose_stack
services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

a. System environment:

Caddy running in Docker Desktop, host machine is Windows 11. Sonarr installed natively in Windows 11.

b. Command:

used above docker compose to run caddy

c. Service/unit/compose file:

posted above

d. My complete Caddy config:

https://mydomain.com {
route /sonarr/* {
	reverse_proxy http://localip:localport
}

5. Links to relevant resources:

Caddy sends the real client’s IP via the X-Forwarded-For HTTP header. If Sonarr doesn’t use that header, it sees all connections as coming from Caddy’s local IP and treats them as local clients. In that case, you should update your Sonarr configuration to require authentication for all connections.