Caddy not forwading the correct IP address

1. Output of caddy version:

v2.5.2

2. How I run Caddy:

I’ve a Caddyfile that I run with caddy start on my VPS

a. System environment:

I use Arch btw

b. Command:

caddy start

c. Service/unit/compose file:

no

d. My complete Caddy config:

pp.sunney.dev {
      @plausible path /js/script.js /api/event
        handle @plausible {
                rewrite /js/script.js /js/script.js
                reverse_proxy https://analytics.sunney.dev {
                        header_up Host {http.reverse_proxy.upstream.hostport}
                }
        }
}

analytics.sunney.dev {
        reverse_proxy localhost:8000
}

3. The problem I’m having:

I’m trying to redirect requests from pp.sunney.dev to analytics.sunney.dev on the following paths:

  • /api/event
  • /js/script.js

It works, but instead of passing the actual remote’s IP address, it passes it’s own (my own VPS’s IP address on the X-Forwarded-For header)

What received headers look like when I’m sending the request from my Chrome Browser:
(removed some headers that were not related to this problem)

{
  host: 'pp.sunney.dev:443',
  'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36',
  'x-forwarded-for': '88.99.124.77', // MY VPS IP
  'x-forwarded-host': 'pp.sunney.dev:443',
  'x-forwarded-proto': 'https'
}

But, x-forwarded-host above should be my actual IP, that I sent the request from, not my VPS’s IP.

Hope you understand the issue I’m having.

4. Error messages and/or full log output:

No errors

5. What I already tried:

6. Links to relevant resources:

Plausible docs on the Caddyfile I used.

Fixed by providing trusted_proxies to trust pp.sunney.dev’s IP address.

2 Likes