1. Caddy version (caddy version):
v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=
2. How I run Caddy:
a. System environment:
Ubuntu 18.04.5 LTS running caddy via the systemd provided by the deb package. I build caddy via xcaddy because I do Let’s Encrypt validation via Cloudflare DNS.
b. Command:
N/A
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
    email <my email address>
}
testing.example.com {
    reverse_proxy 127.0.0.1:8080
    route /_api/* {
        uri strip_prefix /_api
        reverse_proxy 127.0.0.1:1323
    }
    encode zstd gzip
    tls {
        dns cloudflare <my DNS key here>
    }
    log {
        output file /var/log/caddy/testing.example.com.log
        format single_field common_log
    }
}
3. The problem I’m having:
In Nginx it’s possible for me to set a list/set of IP ranges that I trust the X-Forwarded-For header from. Nginx then works up that chain until it finds an IP it doesn’t trust and assumes that IP is the client’s IP and uses it in its logs as the remote_ip. I put Cloudflare in front of my Caddy server because I use their Access product to protect an application; as such, I’ve now lost the original user’s IP address in the common_log format logs that Caddy outputs.
Is there any way to restore this information in Caddy?
4. Error messages and/or full log output:
162.158.2.51 - - [23/Dec/2020:08:48:04 +1100] "GET / HTTP/2.0" 200 1734
Note Cloudflare’s IP, not the end user’s.
5. What I already tried:
I’ve seen this issue on GitHub but the conversation doesn’t appear to get resolved. I assume this is still the current state of things but thought I’d ask!
6. Links to relevant resources:
Cloudflare docs: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses
Nginx real_ip module: Module ngx_http_realip_module
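The trusted-proxy walk the post describes (start at the connecting peer, step through X-Forwarded-For from the right, stop at the first address outside the trust list), as an added Go example that is not part of the original post and is not Caddy's code. The trust list, the `ClientIP` name and the sample header values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Assumed trust list: 162.158.0.0/15 contains the proxy address from the
// post's log line; 127.0.0.0/8 is a constructed stand-in for a local hop.
var trusted = []netip.Prefix{
	netip.MustParsePrefix("162.158.0.0/15"),
	netip.MustParsePrefix("127.0.0.0/8"),
}

func isTrusted(a netip.Addr) bool {
	for _, p := range trusted {
		if p.Contains(a.Unmap()) {
			return true
		}
	}
	return false
}

// ClientIP starts at the TCP peer and walks X-Forwarded-For right to left,
// returning the first address that is not a trusted proxy. An untrusted peer
// means the header is never read; an unparsable entry stops the walk.
func ClientIP(peer, xff string) string {
	cur, err := netip.ParseAddr(peer)
	if err != nil {
		return peer
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0 && isTrusted(cur); i-- {
		next, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break
		}
		cur = next
	}
	return cur.Unmap().String()
}

func main() {
	// Constructed inputs; expected results are noted per case.
	fmt.Println(ClientIP("162.158.2.51", "203.0.113.7"))           // client behind proxy
	fmt.Println(ClientIP("162.158.2.51", "10.9.9.9, 203.0.113.7")) // forged left entry skipped
	fmt.Println(ClientIP("198.51.100.20", "10.9.9.9"))             // untrusted peer: header ignored
}
```

Because the header is only consulted while the current hop is in the trust list, a client that connects directly or prepends its own X-Forwarded-For value cannot change the address that ends up in the log.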