[SOLVED] Caddy changes my ip in reverse proxy

saeb · November 20, 2021, 10:50am

hey hi
I have ifconfig.co docker container
Docker Hub

with this command:

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb

it works when i connect this directly


curl -s  srv5.69b.ir:10080/json|jq
{
  "ip": "80.75.9.153",
  "ip_decimal": 1347094937,
  "country": "Iran",
  "country_iso": "IR",
  "country_eu": false,
  "latitude": 35.698,
  "longitude": 51.4115,
  "time_zone": "Asia/Tehran",
  "asn": "AS25184",
  "asn_org": "Afranet",
  "user_agent": {
    "product": "curl",
    "version": "7.80.0",
    "raw_value": "curl/7.80.0"
  }
}

but when i use caddy with reverse_proxy it shows my docker ip

my caddy config is:


root@mobin-13991227:/etc/caddy# cat Caddyfile
:80 {
        root * /usr/share/caddy
        file_server
reverse_proxy ip.69b.ir  {
        to 127.0.0.1:10080
  header_up Host {host} # redundant
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}  # redundant
        header_up X-Forwarded-Port {server_port} # redundant
        header_up X-Forwarded-Proto {scheme}
}
}

francislavoie · November 20, 2021, 7:01pm

Your Caddyfile doesn’t make much sense – there’s no use to use both file_server and reverse_proxy at the same time, without request matchers. And you don’t need any of the header_up lines, they’re actually harmful in many cases. You can simplify it to this:

:80 {
	reverse_proxy 127.0.0.1:100080
}

That said, the reason you’re seeing Docker’s IP is because Docker often puts a userland proxy in front of containers, which transforms the TCP packets before they reach Caddy, making it look like the requests came from Docker itself. You can turn this off in Docker’s settings.

Next time, please fill out the help topic template. There’s bits missing from your post which make it confusing, e.g. how are you running the Caddy container, which version of Caddy are you running, etc.

jok · November 20, 2021, 8:11pm

According to GitHub - mpolden/echoip: IP address lookup service you have to apply an option to specify which header should be used to get the ip address (else the command doesn’t use any of the headers):

  -H value
    	Header to trust for remote IP, if present (e.g. X-Real-IP)

So the command to start the ifconfig.co container should be:

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb -H X-Forwarded-For

saeb · November 21, 2021, 5:05am

thanks sorry i`m not so much familiar with web servers,

how I can have separated reverse_proxy base on domains?

without caddy it works

saeb@work ~/V/T/sudoer.ir> curl -s http://srv5.69b.ir:10080/json|jq
{
  "ip": "80.75.9.153",
  "ip_decimal": 1347094937,
  "country": "Iran",
  "country_iso": "IR",
  "country_eu": false,
  "latitude": 35.698,
  "longitude": 51.4115,
  "time_zone": "Asia/Tehran",
  "asn": "AS25184",
  "asn_org": "Afranet",
  "user_agent": {
    "product": "curl",
    "version": "7.80.0",
    "raw_value": "curl/7.80.0"
  }
}

i`ll

saeb · November 21, 2021, 5:11am

I changed docker run command to

docker run -p 10080:8080 -d -v /tmp/geo/:/tmp/geo/ dockerhub.ir/mpolden/echoip -c /tmp/geo/GeoLite2-City.mmdb -f /tmp/geo/GeoLite2-Country.mmdb -a /tmp/geo/GeoLite2-ASN.mmdb -H X-Forwarded-For

still https://ip.69b.ir does not work right

francislavoie · November 21, 2021, 9:12am

Did you update your Caddyfile as I wrote above?

saeb · November 21, 2021, 9:33am

yes and now it is working. thanks

cat /etc/caddy/Caddyfile
:80 {
reverse_proxy ip.69b.ir  {
        to 127.0.0.1:10080
}
}

francislavoie · November 21, 2021, 9:35am

FYI this probably won’t do what you expect. This will configure two upstreams, one being ip.69b.ir and the other 127.0.0.1:10080. Caddy will randomly pick one for each request.

In this case, I don’t think you mean to use two. So change it to just reverse_proxy 127.0.0.1:10080.

saeb · November 21, 2021, 9:36am

how I can set different reverse proxies for different domains?

francislavoie · November 21, 2021, 9:40am

By using site addresses for each site block.

See how the Caddyfile is structured.

saeb · November 21, 2021, 11:10am

saeb@mobin-13991227 ~> cat /etc/caddy/Caddyfile
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

ip.saeb.sbs:80 {
reverse_proxy localhost:10080
}
:80 {
        root * /usr/share/caddy
        file_server
}

it worked thanks

system · December 20, 2021, 10:51am

This topic was automatically closed after 30 days. New replies are no longer allowed.