1. Caddy version (caddy version):
Version 2.2.1, built with caddy-auth-jwt:
FROM caddy:2.2.1-builder AS builder
RUN xcaddy build \
    --with github.com/greenpau/caddy-auth-jwt
FROM caddy:2.2.1
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
2. How I run Caddy:
a. System environment:
I run Caddy in docker, on a bridge network, on my Synology NAS.
As DNS challenge for OVH provider is not yet supported, I import my LE certificate in Caddy.
b. Command:
docker-compose up -d caddy
c. Compose file:
  caddy:
    container_name: caddy
    restart: always
    image: caddy-jwt
    #build: .
    network_mode: My_bridge
    volumes:
      - /volume1/docker/Caddy/caddyfile:/etc/caddy/Caddyfile
      - /volume1/docker/Caddy/:/data
      - /volume1/docker/Caddy/logs:/caddy/logs/
      - /volume1/docker/CertbotOVH/Certificates:/Certificates:ro
    ports:
      - 2828:443
d. My complete Caddyfile:
my-domain.com {
    tls /Certificates/fullchain.pem /Certificates/privkey.pem
    log {
        format json
        output file /caddy/logs/caddy.log {
            roll_size 10MiB
            roll_keep 2
        }
    }
    reverse_proxy 172.19.0.1:7773
    redir /service1 /service1/
    route /service1/* {
        uri strip_prefix /service1
        reverse_proxy service1:80
    }
    redir /service2 /service2/
    route /service2/* {
        jwt {
            primary yes
            allow group Admin
            trusted_tokens {
                static_secret {
                    token_name <MyToken>
                    token_secret <MySecret>
                }
            }
            auth_url https://my-domain.com/service1
        }
        reverse_proxy service2:8787
    }
    redir /service3 /service3/
    route /service3/* {
        jwt
        reverse_proxy service3:9898
    }
}
subdomain.my-domain.com {
    log {
        output file /caddy/logs/caddy.log {
            roll_size 10MiB
            roll_keep 2
        }
    }
    tls /Certificates/fullchain.pem /Certificates/privkey.pem
    reverse_proxy 192.168.1.115
}
3. The problem I’m having:
I forward port 443 of my router to port 2828 of the NAS, so Caddy can redirect me to the right service.
My problem is that the IP shown in the logs of my applications is the gateway of my Docker bridge and not the remote IP address. Here is the log of service1, for example:
date":"2020-11-10T10:37:03Z","type":"error","username":"sss","ip":"172.19.0.1","message":"Login Function - Wrong Password
In fact, I think my applications' interpretation is right, because in Caddy's log the remote_addr
is also the bridge gateway:
....,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"172.19.0.1:57552","proto":"HTTP/2.0",...
What am I missing?
4. What I already tried:
I searched for the same issue in this forum and on the net, with no luck. I also searched for a "trusted_proxies" kind of setup on the Caddy website, with no luck either.
But when I used Caddy behind the Synology NGINX reverse proxy, I got the correct remote IP!
Now I want to use Caddy as my primary reverse proxy (because Caddy is good and efficient), but the IP address is not the remote one.
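The post's own log shows why a trusted-proxies rule is the thing to look for: the only peer address Caddy and the backends ever see is the bridge gateway 172.19.0.1, and a client IP can only be recovered from a forwarded header, which must in turn only be believed when the TCP peer is a hop you control (anyone can send a fake X-Forwarded-For). The Go program below is an added example, not part of the original post or of Caddy's code. It implements that rule over a few constructed Caddy-style JSON access-log lines modelled on the one in the post, using the poster's 172.19.0.1 as the trusted NAT/proxy hop. The header name, the CIDR list and the sample lines are assumptions for illustration. It also handles the edge case the post is actually hitting: when the trusted hop forwards nothing, the real client is unrecoverable from the log and the fix has to happen where the address is rewritten, not in Caddy.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"strings"
)

// caddyEntry is the subset of a Caddy v2 JSON access-log entry used here.
// Caddy logs request headers as header name -> list of values.
type caddyEntry struct {
	Request struct {
		RemoteAddr string              `json:"remote_addr"`
		Headers    map[string][]string `json:"headers"`
	} `json:"request"`
}

// Resolution records which address a request is attributed to and why.
type Resolution struct {
	ClientIP string
	Source   string // "remote_addr" or "x-forwarded-for"
	Warning  string // set when the real client cannot be recovered
}

// parseTrusted turns CIDR strings (bare IPs allowed) into networks.
func parseTrusted(cidrs []string) ([]*net.IPNet, error) {
	var nets []*net.IPNet
	for _, c := range cidrs {
		if !strings.Contains(c, "/") {
			if strings.Contains(c, ":") {
				c += "/128"
			} else {
				c += "/32"
			}
		}
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("bad trusted proxy %q: %w", c, err)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

func isTrusted(ip net.IP, trusted []*net.IPNet) bool {
	for _, n := range trusted {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP applies the trusted-proxies rule: X-Forwarded-For is honoured only
// when the TCP peer is a trusted proxy, and then the rightmost entry that is
// not itself a trusted proxy wins. An untrusted peer's header is ignored
// because the client controls it.
func clientIP(remoteAddr string, headers map[string][]string, trusted []*net.IPNet) (Resolution, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // remote_addr logged without a port
	}
	peer := net.ParseIP(host)
	if peer == nil {
		return Resolution{}, errors.New("unparseable remote_addr: " + remoteAddr)
	}
	res := Resolution{ClientIP: peer.String(), Source: "remote_addr"}
	if !isTrusted(peer, trusted) {
		return res, nil
	}
	var hops []string
	for _, v := range headers["X-Forwarded-For"] {
		for _, h := range strings.Split(v, ",") {
			if h = strings.TrimSpace(h); h != "" {
				hops = append(hops, h)
			}
		}
	}
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(hops[i])
		if ip == nil {
			return Resolution{}, errors.New("malformed X-Forwarded-For entry: " + hops[i])
		}
		if !isTrusted(ip, trusted) {
			res.ClientIP, res.Source = ip.String(), "x-forwarded-for"
			return res, nil
		}
	}
	// Trusted hop but nothing forwarded: the NAT-only situation in the post.
	// The original client address was already lost before reaching Caddy.
	res.Warning = "trusted hop sent no X-Forwarded-For; real client unrecoverable from this log"
	return res, nil
}

// resolveLogLine parses one Caddy JSON access-log line and attributes it.
func resolveLogLine(line string, trusted []*net.IPNet) (Resolution, error) {
	var e caddyEntry
	if err := json.Unmarshal([]byte(line), &e); err != nil {
		return Resolution{}, err
	}
	return clientIP(e.Request.RemoteAddr, e.Request.Headers, trusted)
}

func main() {
	// Constructed sample lines modelled on the post's log; not real captures.
	lines := []string{
		`{"msg":"handled request","request":{"remote_addr":"172.19.0.1:57552","proto":"HTTP/2.0","headers":{}}}`,
		`{"msg":"handled request","request":{"remote_addr":"172.19.0.1:57553","headers":{"X-Forwarded-For":["203.0.113.7"]}}}`,
		`{"msg":"handled request","request":{"remote_addr":"198.51.100.9:40001","headers":{"X-Forwarded-For":["203.0.113.7"]}}}`,
	}
	trusted, _ := parseTrusted([]string{"172.19.0.1"})
	for _, l := range lines {
		r, err := resolveLogLine(l, trusted)
		fmt.Printf("%+v err=%v\n", r, err)
	}
}
```

The first sample line reproduces the post: with 172.19.0.1 trusted and no forwarded header, the result carries a warning rather than a guessed address, which is the honest answer when the NAT hop has already overwritten the source. The third line shows the other half of the rule: a forwarded header from an untrusted peer is discarded, so a client on the public side cannot choose the IP that ends up in the backend's login-failure log.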