1. The problem I’m having:
I want to be able to add the trusted_proxies so it trusts the Cloudflare IP addresses and passes the client IP correctly.
2. Error messages and/or full log output:
3. Caddy version:
2.10.0
4. How I installed and ran Caddy:
Caddy with Cloudflare module.
I also have an import on the file for headers labeled as
`import /etc/caddy/caddy_security.conf`
a. System environment:
Raspberry Pi 4b
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
```
*.cinefuze.com {
	tls {
		dns cloudflare *******************************
		resolvers 1.1.1.1
	}

	reverse_proxy /tautulli* 192.168.55.205:8181
	reverse_proxy /radarr* 192.168.55.207:7878
	reverse_proxy /sonarr* 192.168.55.207:8989
	reverse_proxy /info* 192.168.55.205:5960
	reverse_proxy /lidarr* 192.168.55.207:8686
	reverse_proxy /sabnzbd* 192.168.55.207:8080/sabnzbd

	@jellystat host jellystat.cinefuze.com
	handle @jellystat {
		reverse_proxy 192.168.55.205:3000
	}

	@emby host emby.cinefuze.com
	handle @emby {
		reverse_proxy 192.168.55.205:8096
	}

	@overseerr host overseerr.cinefuze.com
	handle @overseerr {
		reverse_proxy 192.168.55.205:5056
	}

	@jellyseerr host jellyseerr.cinefuze.com
	handle @jellyseerr {
		reverse_proxy 192.168.55.205:5055
	}

	@embytest host embytest.cinefuze.com
	handle @embytest {
		reverse_proxy 192.168.55.207:8096
	}

	import /etc/caddy/caddy_security.conf
}
```
```
# Security headers for cinefuze.com caddyfile
header /* {
	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	X-Xss-Protection "1; mode=block"
	X-Content-Type-Options "nosniff"
	X-Frame-Options "DENY"
	Content-Security-Policy "upgrade-insecure-requests"
	Referrer-Policy "strict-origin-when-cross-origin"
	Cache-Control "public, max-age=15, must-revalidate"
	Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
	Server "No."
}
```
5. Links to relevant resources:
I wish to add the Cloudflare IPs like below but am unsure where to put it.
```
servers {
	trusted_proxies static 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
	trusted_proxies_strict
}
```
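Where the `servers` block from the post goes, as an added example that is not part of the original post: `servers` is a global option, so it sits in the address-less global options block at the very top of the Caddyfile, before the site block. The environment variable name `CF_API_TOKEN` is an assumption standing in for the redacted token, and only one of the post's handlers is repeated here.

```caddyfile
# Global options: a block with no site address, placed first in the Caddyfile.
{
	servers {
		# X-Forwarded-For is honored only when the connecting peer is inside
		# one of these ranges (the Cloudflare list copied from the post).
		# Connections from any other address keep their real peer IP.
		trusted_proxies static 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22

		# Parse X-Forwarded-For right to left and take the first address
		# that is not a trusted proxy, instead of the leftmost entry,
		# which the client itself can set.
		trusted_proxies_strict
	}
}

# Site block from the post, otherwise unchanged.
*.cinefuze.com {
	tls {
		# Assumed variable name; the post redacts the actual token.
		dns cloudflare {env.CF_API_TOKEN}
		resolvers 1.1.1.1
	}

	@emby host emby.cinefuze.com
	handle @emby {
		reverse_proxy 192.168.55.205:8096
	}

	# The remaining reverse_proxy lines and host handlers from the post
	# stay here as they are.

	import /etc/caddy/caddy_security.conf
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` before reloading confirms the global block parses; the `/etc/caddy/Caddyfile` path is an assumption based on the import path in the post.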