1. The problem I’m having:
Hi, I have Caddy running in a Docker container. My goal is to proxy the request only if the request is coming from my local network. However, I have noticed that it does not work because all the requests look like the following:
2025/06/08 17:21:20.202 INFO http.log.access.log0 handled request {"request": {"remote_ip": "::1", "remote_port": "57778", "client_ip": "::1", "proto": "HTTP/2.0", "method": "GET", "host": "home.mywebsite.ovh", "uri": "/", "headers": {"Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-Site": ["cross-site"], "Te": ["trailers"], "Accept-Language": ["it,it-IT;q=0.8,de-AT;q=0.5,en-US;q=0.3"], "Sec-Fetch-Dest": ["document"], "Sec-Gpc": ["1"], "Accept-Encoding": ["gzip, deflate, br, zstd"], "User-Agent": ["Mozilla/5.0 (Android 14; Mobile; rv:139.0) Gecko/139.0 Firefox/139.0"], "Dnt": ["1"], "Priority": ["u=0, i"]}, "tls": {"resumed": true, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "home.mywebsite.ovh"}}, "bytes_read": 0, "user_id": "", "duration": 0.000034761, "size": 13, "status": 403, "resp_headers": {"Server": ["Caddy"], "Alt-Svc": ["h3=\":443\"; ma=2592000"], "Content-Type": ["text/plain; charset=utf-8"]}}
remote_ip and client_ip always point to “::1”. I suspect it is a problem with the Docker configuration, but I don’t know how to solve it.
I have also tried to add
"userland-proxy": false
to the Docker daemon configuration, but without success.
Any idea? Thanks!
2. Error messages and/or full log output:
{"level":"info","ts":1749406198.9401512,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":9384420556,"previous":9223372036854775807}
{"level":"info","ts":1749406198.944959,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
{"level":"info","ts":1749406198.9476306,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1749406198.9476507,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1749406198.9626577,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1749406198.9641798,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1749406198.964276,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1749406198.9648054,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0005f4600"}
{"level":"info","ts":1749406198.9653592,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1749406198.9656465,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"info","ts":1749406198.9658737,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"warn","ts":1749406198.9659455,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"warn","ts":1749406198.9659514,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"info","ts":1749406198.9659564,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1749406198.9659605,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["home.mywebsite.ovh"]}
{"level":"info","ts":1749406199.0755384,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1749406199.0756292,"msg":"serving initial configuration"}
{"level":"info","ts":1749406199.085457,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"24aed1c8-298e-448d-921b-f8144dc35a56","try_again":1749492599.0854526,"try_again_in":86399.999999469}
{"level":"info","ts":1749406199.0858483,"logger":"tls","msg":"finished cleaning storage units"}
2025/06/08 18:10:03.562 INFO http.log.access.log0 handled request {"request": {"remote_ip": "::1", "remote_port": "60952", "client_ip": "::1", "proto": "HTTP/2.0", "method": "GET", "host": "home.mywebsite.ovh", "uri": "/", "headers": {"Dnt": ["1"], "Sec-Gpc": ["1"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Mode": ["navigate"], "User-Agent": ["Mozilla/5.0 (Android 14; Mobile; rv:139.0) Gecko/139.0 Firefox/139.0"], "Sec-Fetch-Dest": ["document"], "Priority": ["u=0, i"], "Te": ["trailers"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], "Accept-Language": ["it,it-IT;q=0.8,de-AT;q=0.5,en-US;q=0.3"], "Accept-Encoding": ["gzip, deflate, br, zstd"], "Sec-Fetch-Site": ["cross-site"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "home.viglianisi.ovh"}}, "bytes_read": 0, "user_id": "", "duration": 0.00006699, "size": 13, "status": 403, "resp_headers": {"Content-Type": ["text/plain; charset=utf-8"], "Server": ["Caddy"], "Alt-Svc": ["h3=\":443\"; ma=2592000"]}}
3. Caddy version:
v2.10.0
4. How I installed and ran Caddy:
a. System environment:
Distro: Linux Mint 22.1 Xia
base: Ubuntu 24.04 noble
Running on Docker Desktop 4.42.0
b. Command:
docker-compose up
c. Service/unit/compose file:
services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
    network_mode: host
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
d. My complete Caddy config:
https://home.mywebsite.ovh:443 {
	@internal {
		remote_ip 10.0.0.0/24 ::1 127.0.0.1
	}
	handle @internal {
		reverse_proxy localhost:3000
	}
	respond "Access Denied" 403
	log {
		output stdout
		format console
	}
}
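
An added example (not part of the original post and not Caddy's own code): a Python check that reads console-format access log lines like the ones above, reports whether every `remote_ip` is a loopback address, and counts how many requests the Caddyfile's `remote_ip` allowlist would accept. The sample log lines are constructed and trimmed, and the function names are hypothetical.

```python
import ipaddress
import json

# Allowlist copied from the remote_ip matcher in the Caddyfile on this page.
ALLOWLIST = ["10.0.0.0/24", "::1", "127.0.0.1"]

# Constructed sample lines in Caddy's console access-log layout (fields trimmed).
SAMPLE_LOG = """\
2025/06/08 17:21:20.202 INFO http.log.access.log0 handled request {"request": {"remote_ip": "::1", "client_ip": "::1", "uri": "/"}, "status": 403}
2025/06/08 18:10:03.562 INFO http.log.access.log0 handled request {"request": {"remote_ip": "::1", "client_ip": "::1", "uri": "/"}, "status": 403}
"""

def parse_access_lines(text):
    """Yield the JSON payload of each 'handled request' console log line."""
    for line in text.splitlines():
        start = line.find("{")
        if "handled request" not in line or start == -1:
            continue
        try:
            yield json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated line or non-JSON tail

def matches_allowlist(ip, allowlist=ALLOWLIST):
    """True if ip falls inside any address or CIDR range of the allowlist."""
    addr = ipaddress.ip_address(ip)
    # Membership is always False when the address and network families differ.
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in allowlist)

def audit(text, allowlist=ALLOWLIST):
    """Summarise the source addresses the server actually saw."""
    ips = [e["request"]["remote_ip"]
           for e in parse_access_lines(text) if "request" in e]
    loopback = [ip for ip in ips if ipaddress.ip_address(ip).is_loopback]
    return {
        "requests": len(ips),
        "distinct_remote_ips": sorted(set(ips)),
        # Every peer is loopback: the real client address never reached Caddy.
        "source_address_lost": bool(ips) and len(loopback) == len(ips),
        "allowed_by_matcher": sum(matches_allowlist(ip, allowlist) for ip in ips),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))                   # allowlist as posted
    print(audit(SAMPLE_LOG, ["10.0.0.0/24"]))  # same log, LAN range only
```

When every request arrives from a loopback address, an allowlist containing `::1` or `127.0.0.1` accepts all of them and one without loopback entries rejects all of them, so the matcher cannot separate LAN clients from others until the real source address reaches Caddy.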