[SOLVED] Caddy changes my ip in reverse proxy

hey hi
I have ifconfig.co docker container
Docker Hub

with this command:

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb

it works when i connect this directly


curl -s  srv5.69b.ir:10080/json|jq
{
  "ip": "80.75.9.153",
  "ip_decimal": 1347094937,
  "country": "Iran",
  "country_iso": "IR",
  "country_eu": false,
  "latitude": 35.698,
  "longitude": 51.4115,
  "time_zone": "Asia/Tehran",
  "asn": "AS25184",
  "asn_org": "Afranet",
  "user_agent": {
    "product": "curl",
    "version": "7.80.0",
    "raw_value": "curl/7.80.0"
  }
}



but when i use caddy with reverse_proxy it shows my docker ip

image

my caddy config is:


root@mobin-13991227:/etc/caddy# cat Caddyfile
:80 {
        root * /usr/share/caddy
        file_server
reverse_proxy ip.69b.ir  {
        to 127.0.0.1:10080
  header_up Host {host} # redundant
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}  # redundant
        header_up X-Forwarded-Port {server_port} # redundant
        header_up X-Forwarded-Proto {scheme}
}
}


Your Caddyfile doesn’t make much sense – there’s no use to use both file_server and reverse_proxy at the same time, without request matchers. And you don’t need any of the header_up lines, they’re actually harmful in many cases. You can simplify it to this:

:80 {
	reverse_proxy 127.0.0.1:100080
}

That said, the reason you’re seeing Docker’s IP is because Docker often puts a userland proxy in front of containers, which transforms the TCP packets before they reach Caddy, making it look like the requests came from Docker itself. You can turn this off in Docker’s settings.

Next time, please fill out the help topic template. There’s bits missing from your post which make it confusing, e.g. how are you running the Caddy container, which version of Caddy are you running, etc.

2 Likes

According to GitHub - mpolden/echoip: IP address lookup service you have to apply an option to specify which header should be used to get the ip address (else the command doesn’t use any of the headers):

  -H value
    	Header to trust for remote IP, if present (e.g. X-Real-IP)

So the command to start the ifconfig.co container should be:

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb -H X-Forwarded-For
2 Likes

thanks sorry i`m not so much familiar with web servers,

how I can have separated reverse_proxy base on domains?

without caddy it works

saeb@work ~/V/T/sudoer.ir> curl -s http://srv5.69b.ir:10080/json|jq
{
  "ip": "80.75.9.153",
  "ip_decimal": 1347094937,
  "country": "Iran",
  "country_iso": "IR",
  "country_eu": false,
  "latitude": 35.698,
  "longitude": 51.4115,
  "time_zone": "Asia/Tehran",
  "asn": "AS25184",
  "asn_org": "Afranet",
  "user_agent": {
    "product": "curl",
    "version": "7.80.0",
    "raw_value": "curl/7.80.0"
  }
}

i`ll :sweat_smile:

I changed docker run command to

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ dockerhub.ir/mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb -H X-Forwarded-For

still https://ip.69b.ir does not work right
image

Did you update your Caddyfile as I wrote above?

1 Like

yes and now it is working. thanks

cat /etc/caddy/Caddyfile
:80 {
reverse_proxy ip.69b.ir  {
        to 127.0.0.1:10080
}
}


FYI this probably won’t do what you expect. This will configure two upstreams, one being ip.69b.ir and the other 127.0.0.1:10080. Caddy will randomly pick one for each request.

In this case, I don’t think you mean to use two. So change it to just reverse_proxy 127.0.0.1:10080.

1 Like

how I can set different reverse proxies for different domains?

By using site addresses for each site block.

See how the Caddyfile is structured.

1 Like
saeb@mobin-13991227 ~> cat /etc/caddy/Caddyfile
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

ip.saeb.sbs:80 {
reverse_proxy localhost:10080
}
:80 {
        root * /usr/share/caddy
        file_server
}


it worked thanks