1. The problem I’m having:
I am currently using Caddy as a Reverse Proxy with an Apache 2 backend server, and it’s working fine.
Previously, I used Nginx Reverse Proxy.
In Nginx, I used the following:
The transparent parameter in the nginx proxy_bind directive enables a special feature called transparent proxying. When using the transparent parameter, nginx sets the IP_TRANSPARENT socket option. This Linux kernel-level feature allows the application to bind to IP addresses that do not exist locally and to preserve the original client IP address when communicating with the backend server.
I needed this because I have domains that are proxied by CDN (Cloudflare, Bunny, etc.) and others that are in DNS-only mode, so without any configuration, the visitor’s IP address appeared in my backend server logs.
My question is, are you planning to implement this level of transparency in Caddy, or will you remain completely automatic with the X-Forwarded-For and similar header settings?
2. Error messages and/or full log output:
3. Caddy version:
v2.9.1
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04
b. Command:
xcaddy build v2.9.1 --with github.com/corazawaf/coraza-caddy/v2@latest --with github.com/caddyserver/transform-encoder --with github.com/caddyserver/certmagic@master
c. Service/unit/compose file:
[Unit]
Description=Caddy
After=network.target
[Service]
User=root
Group=root
ExecStart=/opt/caddy/caddy run --config /opt/caddy/config.json
ExecReload=/opt/caddy/caddy reload --force --config /opt/caddy/caddy/config.json
Restart=no
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
I deleted a few basic lines to make it clearer.
{
  "logging": {
    "logs": {
      "default": {
        "level": "INFO",
        "encoder": {
          "format": "json"
        },
        "writer": {
          "filename": "/var/log/custom-caddy/current.log",
          "output": "file",
          "roll_keep": 7,
          "roll_keep_days": 7
        },
        "exclude": ["tls"]
      },
      "requests_logs": {
        "level": "DEBUG",
        "encoder": {
          "format": "transform",
          "template": "{request>remote_ip} - {request>host} - [{ts}] '{request>method} {request>uri} {request>proto}' {status} {request>headers>User-Agent} {size}",
          "time_format": "02/Jan/2006:15:04:05",
          "time_local": true
        },
        "writer": {
          "filename": "/var/log/custom-caddy/current.log",
          "output": "file"
        },
        "include": ["http.handlers.reverse_proxy"]
      },
      "tls_logs": {
        "level": "INFO",
        "encoder": {
          "format": "json"
        },
        "writer": {
          "filename": "/var/log/custom-caddy/tls.log",
          "output": "file",
          "roll_keep": 7,
          "roll_keep_days": 7
        },
        "include": ["tls"]
      }
    }
  },
  "apps": {
    "http": {
      "http_port": 80,
      "https_port": 443,
      "servers": {
        "srv0": {
          "listen": [
            "80"
          ],
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http"
                  },
                  "upstreams": [
                    {
                      "dial": "[{http.request.local.host}]:8080"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "{http.request.host}"
                  ]
                }
              ],
              "terminal": true
            }
          ]
        },
        "srv1": {
          "listen": [
            ":443"
          ],
          "automatic_https": {
            "disable_redirects": true
          },
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http",
                    "tls": {
                      "insecure_skip_verify": true
                    }
                  },
                  "upstreams": [
                    {
                      "dial": "[{http.request.local.host}]:8443"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "example.com"
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {},
      "cache": {
        "capacity": 100000
      },
      "certificates": {
        "load_files": [
          {
            "certificate": "template",
            "key": "template",
            "tags": [
              "example.com"
            ]
          }
        ]
      }
    }
  }
}
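
Added example (not part of the original post, and not Caddy's own code): on the header-based route the question mentions, a forwarded address is only believable when the TCP peer is a known CDN proxy, which is what lets CDN-proxied and DNS-only domains share one front end and still log the real visitor. The Go code below shows that selection; `ClientIP`, `isTrusted`, `trustedProxies` and every address in it are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed range (RFC 5737 documentation block) standing in for real CDN ranges.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")}

func isTrusted(ip netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP (hypothetical helper) picks the address to log for one request.
func ClientIP(remoteAddr, xff string, trusted []netip.Prefix) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("bad peer address %q: %w", remoteAddr, err)
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer, trusted) {
		return peer, nil // DNS-only visitor: the header is client-controlled, ignore it
	}
	// Walk right to left: each proxy appends the peer it saw, so entries to the
	// left of the first untrusted hop may have been supplied by the client.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed hop: fall back to the peer
		}
		if ip = ip.Unmap(); !isTrusted(ip, trusted) {
			return ip, nil
		}
	}
	return peer, nil
}

func main() {
	ip, err := ClientIP("203.0.113.7:44321", "10.9.9.9, 198.51.100.23, 203.0.113.9", trustedProxies)
	fmt.Println(ip, err)
}
```

The backend still has to read the resolved address from a header or log field; only transparent proxying changes the source address the backend sees on the socket itself.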