Restore Real IP to logs

1. Caddy version (caddy version):

v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

2. How I run Caddy:

a. System environment:

Ubuntu 18.04.5 LTS running caddy via the systemd provided by the deb package. I build caddy via xcaddy because I do Let’s Encrypt validation via Cloudflare DNS.

b. Command:

N/A

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
	email <my email address>
}

testing.example.com {
	reverse_proxy 127.0.0.1:8080
	route /_api/* {
		uri strip_prefix /_api
		reverse_proxy 127.0.0.1:1323
	}
	encode zstd gzip
	tls {
		dns cloudflare <my DNS key here>
	}
	log {
		output file /var/log/caddy/testing.example.com.log
		format single_field common_log
	}
}

3. The problem I’m having:

In Nginx it's possible for me to set a list/set of IP ranges that I trust the X-Forwarded-For header from. Nginx then works up that chain until it finds an IP it doesn’t trust, assumes that IP is the client's IP, and uses it in its logs as the remote_ip. I put Cloudflare in front of my Caddy server because I use their Access product to protect an application; as such, I’ve now lost the original user's IP address in the common_log format logs that Caddy outputs.

Is there any way to restore this information in Caddy?

4. Error messages and/or full log output:

162.158.2.51 - - [23/Dec/2020:08:48:04 +1100] "GET / HTTP/2.0" 200 1734

Note Cloudflare’s IP, not the end user's.

5. What I already tried:

I’ve seen this issue on GitHub, but the conversation doesn’t appear to get resolved. I assume this is still the current state of things but thought I’d ask!

6. Links to relevant resources:

Cloudflare docs: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses
Nginx real_ip module: Module ngx_http_realip_module

This module does that:

Perfect, thanks @francislavoie! I’ll give it a try and report back.
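The trusted-proxy walk described in the question, as an added Go sketch (not Caddy's code and not the module mentioned in the reply). `RealIP`, `isTrusted` and the `trusted` ranges are hypothetical names and sample values chosen for illustration; the point is that X-Forwarded-For is only read when the TCP peer is itself trusted, and that it is read right to left.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Assumed sample ranges covering the 162.158.2.51 peer in the log above, plus loopback.
var trusted = []netip.Prefix{
	netip.MustParsePrefix("162.158.0.0/15"),
	netip.MustParsePrefix("127.0.0.0/8"),
}

func isTrusted(ip netip.Addr) bool {
	for _, p := range trusted {
		if p.Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}

// RealIP (hypothetical helper): peer is the TCP peer's bare IP, xff the X-Forwarded-For value.
func RealIP(peer, xff string) string {
	addr, err := netip.ParseAddr(peer)
	if err != nil || !isTrusted(addr) {
		return peer // untrusted sender: the header is client-controlled, ignore it
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- { // newest hop is rightmost
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // empty or malformed entry: keep the last address we could vouch for
		}
		addr = hop
		if !isTrusted(hop) {
			break // first untrusted address from the right is the client
		}
	}
	return addr.String()
}

func main() {
	// Constructed inputs; 203.0.113.7 and 198.51.100.9 are documentation addresses.
	fmt.Println(RealIP("162.158.2.51", "203.0.113.7"))               // 203.0.113.7
	fmt.Println(RealIP("162.158.2.51", "198.51.100.9, 203.0.113.7")) // 203.0.113.7
	fmt.Println(RealIP("203.0.113.7", "198.51.100.9"))               // 203.0.113.7
}
```

The second call shows why the walk starts from the right: a forged leftmost entry never reaches the log, because the walk stops at the first address a trusted proxy did not vouch for.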
