How I Can allow remote_ip from VPN and Local

yevgeny_hong · December 6, 2021, 7:59am

1. Caddy version (`caddy version`):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

systemctl start caddy

a. System environment:

Ubuntu 20.04

b. Command:

vi /etc/caddy/Caddyfile
systemctl restart caddy

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

http://gitlab.myserver.com {

        @allow_ip {
                remote_ip AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24
        }


        handle @allow_ip {
                reverse_proxy 192.168.CCC.CCC:10000
        }

        templates
        header Content-Type text/plain
        encode zstd gzip
        respond "failed {{.RemoteIP}}" 404
}

https://gitlab.myserver.com {
        redir http://{host}{uri}
}

3. The problem I’m having:

Now i am trying to allow only local network users and VPN access users
so i put the remote_ip with network public ip and local ip
and it works for local user but it did not work for VPN user

i think to Caddy did not recognize the VPN ip address and that recognize to public ip of client without VPN

because i set the respond to {{.RemoteIP}} and that shows the public ip of client without VPN
but when i search “what is my ip address” on google i can get result to VPN public IP address

it have any way to get another ip address for client?

4. Error messages and/or full log output:

5. What I already tried:

i already test forwarded option but it not work
i thought it need another option for get ip address of client but i cannot found

6. Links to relevant resources:

francislavoie · December 6, 2021, 4:40pm

I’m not really sure I understand what you’re trying to do or what the problem is. But you can get the remote IP with the {remote_host} placeholder.

If you’re trying to block access by IP, the remote_ip matcher is the right thing to use:

Could you explain in more detail what you want to see happen, and what you’re seeing happen with your existing config? Make requests with curl -v to show us. Enable the debug global option and share what’s in Caddy’s logs.

You probably want to wrap your last 4 lines of that config in a handle with no matcher, to isolate those directives from affecting the reverse_proxy. The handle directive defines mutually exclusive handlers, so only the first matching handle will be run. Otherwise, they will run according to the Caddyfile’s predetermined directive order:

yevgeny_hong · December 7, 2021, 3:03am

Thank you for answer

i am sorry for my bad English

i thought to i having a problem with {remote_host}.

when i access my server with out side network. {remote_host} shows 99.99.99.99(example)
but if i access my server with VPN, also {remote_host} shows 99.99.99.99
and when i test VPN with ipaddress.my for checking my ip address. it shows VPN ip address

but it was not Caddy’s problem, maybe that reason of my VPN and server

i wanted to using my gitlab server for only local user and vpn user.
for now i think that was wrong way to implementing. i will find another way to implementing.

Thank you.

francislavoie · December 7, 2021, 3:21am

Hmm. I think your VPN might not be configured to resolve the domain of your gitlab to a “LAN” IP address of your server inside your VPN, so the packets end up going the same way as usual (over the internet, not over the VPN). You might need to adjust the resolver settings in your VPN, I think. Something like that.

system · January 5, 2022, 7:59am

This topic was automatically closed after 30 days. New replies are no longer allowed.