Getting real ip on docker for mac

celllulosa · April 21, 2024, 2:10pm

Heya thanks for getting back.

I edited my Caddyfile as follows:

{
	servers {
		trusted_proxies static private_ranges
		client_ip_headers Cf-Connecting-Ip
	}
}

cloudflared-ip.{$MY_DOMAIN} {
	templates
	respond "{{.RemoteIP}} - {http.request.header.CF-Connecting-IP}"
}

ip.{$MY_DOMAIN} {
	templates
	respond "{{.RemoteIP}} - {http.request.header.X-Forwarded-For}"
}

and can now see as response from cloudflared-ip.{$MY_DOMAIN} being:

172.18.0.2 - x.x.x.x

and this is the access log response:

{"level":"info","ts":1713708421.535578,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"172.18.0.2","remote_port":"39862","client_ip":"x.x.x.x","proto":"HTTP/1.1","method":"GET","host":"cloudflared-ip.{$MY_DOMAIN}","uri":"/","headers":{"X-Forwarded-For":["x.x.x.x"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/125.1  Mobile/15E148 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Cf-Connecting-Ip":["x.x.x.x"],"Cf-Ipcountry":["GB"],"Cf-Warp-Tag-Id":["568e778c-6fe2-4416-b858-775b54ff9d9a"],"Sec-Fetch-Dest":["document"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Pragma":["no-cache"],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, br"],"Cache-Control":["no-cache"],"Cf-Ray":["877df0225f4e891e-LHR"],"Connection":["keep-alive"],"Cookie":[],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"cloudflared-ip.{$MY_DOMAIN}"}},"bytes_read":0,"user_id":"","duration":0.000508709,"size":42,"status":200,"resp_headers":{"Content-Type":["text/plain; charset=utf-8"],"Content-Length":["42"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}

Is this how it’s supposed to work? I am only asking because on a local service (jellyfin) I can still see the wrong address being logged (that is the local one: 172.19.0.1 as opposed to the x.x.x.x one).

the ip.{$MY_DOMAIN} on the other hand responds with:

172.19.0.1 -