Passthrough real IP to proxied service

lordzeus · March 19, 2026, 9:43pm

1. The problem I’m having:


I am trying to pass through the IP from the client to the reverse proxied item. For example, if my public IP address is 100.100.100.1, I want the reverse proxy item to see it as that, instead of the IP address of the machine running caddy (Service is on separate VM)
```

2. Error messages and/or full log output:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version:

```

v2.11.2 h1:iOlpsSiSKqEW+SIXrcZsZ/NO74SzB/ycqqvAIEfIm64=

```

4. How I installed and ran Caddy:

I installed on the host with the default linux install. Adding keyring, and installing via apt.
```

a. System environment:

Running debian, installed on bare metal with apt
```

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

```
{
        servers {
                trusted_proxies static 0.0.0.0/0
        }
}
jellyfin.mydomain.com {
  reverse_proxy 10.0.1.150:8096
}
```

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

5. Links to relevant resources:

techjedialex · March 19, 2026, 10:14pm

Set this to the IP address of the machine running Caddy, or at least to private_ranges.

Judging by the domain, as you are proxying to Jellyfin, refer to its documentation for how to obtain the correct client IP.

timelordx · March 19, 2026, 11:55pm

Caddy is passing the real client’s IP via X-Forwarded-For HTTP header. That’s where you’ll find the information you’re looking for.

Refer to Jellyfin documentation for more details on how to use that information.

lordzeus · April 6, 2026, 7:50pm

For those in the future, it was in the jellyfin documentation. you need to set the ‘known proxies’ to the IP of the machine running caddy under the networking tab.

I did some research and I believe the trusted_proxies and the X-Forwarded-For header both have what I need should I need it in the future. Thanks everyone!

Marking this as the solution since both above replies are correct, but for Jellyfin I didn’t have to change caddy config at all.