Use real IP in docker/podman container

1. Caddy version (caddy version):

# caddy version
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy:

a. System environment:

Fedora CoreOS, systemd, podman

b. Command:

podman-compose up

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    image: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # […]
    volumes:
      - caddy_data:/data
      - caddy_config:/config
      - ${HOME:?HOME variable missing}/caddy-config/Caddyfile:/etc/caddy/Caddyfile:ro,Z
      # […]
    environment:
      # […]
      - MAIL_ACME=${MAIL_ACME:?MAIL_ACME variable missing}
    labels:
      - io.containers.autoupdate=registry

volumes:
  caddy_data:
    # always persist volume by forcing external creation
    external: true
  caddy_config:

d. My complete Caddyfile or JSON config:

ip.domainnamehere.tldhere {
	tls {$MAIL_ACME}

	respond "{}"
}

3. The problem I’m having:

Now, under ip.domainnamehere.tldhere I expect to get a response with the IP of the client that is accessing the server.

However, I get the IP of podman/Docker…

This is not what I expect. What can I do against that?

I know, I guess this is more of a Docker/podman question…

4. Error messages and/or full log output:


5. What I already tried:

I tried using {http.request.remote} instead, but again this just returns the port, too.

6. Links to relevant resources:

Okay, well… I can of course choose host networking, but that will expose all ports opened in my container and potentially is not what I want…

network_mode: "host"

Is there any better method with docker/podman?

I couldn’t say with certainty, because I don’t know how podman does its networking. But this issue seems like the relevant problem:

Well… yes it seems that was an issue, however:

Also it should be documented that apps will always see (or CNI IP) as the source address.

So… I don’t know whether that’s any better than

Anyway, seems this is indeed related to rootless podman containers, and network_mode: "host" solves the problem, so I’m fine with that and mark it as the answer for now…

Apparently you’re meant to use --network slirp4netns:port_handler=slirp4netns to get the fix

The reason you were seeing that IP address is because of this change:


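A check for the symptom discussed in this thread, as an added example that is not part of any post here: it reads Caddy JSON access log lines and reports whether every request arrives from one internal address, which means per-client logging, rate limiting and IP allow-lists no longer see the real client. It assumes access logging is enabled and that each entry carries `request.remote_addr` in `ip:port` form; the function names and all sample log lines are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Ranges a container-side NAT or port forwarder typically uses as the source.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7",
)]

def split_host(remote_addr):
    """Return the IP part of 'ip:port' or '[ipv6]:port'."""
    if remote_addr.startswith("["):
        return remote_addr[1:remote_addr.index("]")]
    return remote_addr.rsplit(":", 1)[0]

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def source_ip_report(log_lines):
    """Summarise the client addresses seen in JSON access log lines."""
    seen = Counter()
    for line in log_lines:
        try:
            host = split_host(json.loads(line)["request"]["remote_addr"])
            ipaddress.ip_address(host)  # reject anything that is not an IP
        except (ValueError, KeyError, TypeError):
            continue  # not an access-log entry
        seen[host] += 1
    total = sum(seen.values())
    internal = sum(n for ip, n in seen.items() if is_internal(ip))
    return {
        "requests": total,
        "distinct_sources": len(seen),
        # All traffic from a single internal address: the client IP is lost.
        "masked": total > 0 and internal == total and len(seen) == 1,
    }

def _entry(addr):  # helper that builds a constructed sample log line
    return json.dumps({"request": {"remote_addr": addr, "uri": "/"}})

# Constructed samples: placeholder internal address vs. documentation ranges.
MASKED_SAMPLE = [_entry("10.0.0.1:%d" % p) for p in (40112, 40114, 40120)]
PRESERVED_SAMPLE = [_entry(a) for a in (
    "203.0.113.7:51000", "[2001:db8::5]:44321", "198.51.100.23:39002")]

if __name__ == "__main__":
    print(source_ip_report(MASKED_SAMPLE))
    print(source_ip_report(PRESERVED_SAMPLE))
```

Run it against the log from before and after changing the network mode or port handler; a `masked` value of true after the change means the container still receives forwarded connections rather than the client's own address.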