Restrict IP access using remote_ip with reverse_proxy

jcan · June 21, 2022, 6:22pm

1. Caddy version (`caddy version`):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

Win Server 2019

b. Command:

C:\caddy2> caddy run --watch

c. Service/unit/compose file:

None

d. My complete Caddyfile or JSON config:

(add_custom_ssl_certificate) {
	tls C:\caddy2\ssl\star_imperial_edu_2022-2023.crt C:\caddy2\ssl\star_imperial_edu_2022-2023.key
}

(add_logging_with_path) {
	log {
		output file "{args.0}" {
			roll_size 100mb
			roll_keep 5
			roll_keep_for 720h
		}
		
		format json
		#format console
		#format single_field common_log
	}
}

appnavt.imperial.edu {  
    reverse_proxy http://v5nav.imperial.edu:8080
    
	# Imports:
	import add_custom_ssl_certificate
	import add_logging_with_path "C:\caddy2\logs\appnavt_imperial_edu_access.log"
}

3. The problem I’m having:

I want to restrict access to appnavt.imperial.edu to certain set of public IP addresses using remote_ip.
Where and how does remote_ip get coded for reverse_proxy shown? How to debug IP’s that are being filtered or allowed?

francislavoie · June 21, 2022, 7:20pm

That’s a pretty old version. Please upgrade to v2.5.1.

Define a named matcher, then apply it to a handler to do something with it.

Maybe something like this:

example.com {
	@allowed remote_ip 11.11.11.11 22.22.22.22 33.33.33.33
	handle @allowed {
		reverse_proxy myapp:8080
	}

	# Fallback for otherwise not matched handles
	handle {
		abort
	}
}

I don’t understand the question.

Check your logs.

jcan · June 21, 2022, 8:50pm

The example you provided showing layout using remote_ip with reverse_proxy is what I was looking for. Thank you

system · July 21, 2022, 6:22pm

This topic was automatically closed after 30 days. New replies are no longer allowed.