I’m just wondering if there is a v2 equivalent for the realip plugin. In v1 I used to use realip cloudflare in my Caddyfile and I’d like to keep that functionality in v2.
Honestly, I’m okay with anything that accomplishes the below purpose. I’m not familiar with Caddy v2 well enough to say yay or nay to any particular way to do things.
This plugin allows you to see the actual client IP from X-Forwarded-For headers if you are running behind a CDN or Proxy. It will make it so logs and other downstream directives will see the actual client IP, not the proxy’s. Implements security measures so that X-Forwarded-For cannot be spoofed from unauthorized IP ranges.
Do we think it’s a common enough occurrence for us to have a directive in the v2 Caddyfile specifically for this, like strip_suffix et al?
Could be something like realip [header...] where it by default pulls from X-Real-IP, else X-Forwarded-For, or you can override it with a header list to check sequentially and use the first one with an IP.
I guess. It’s super simple, but it’s up to @matt if he’s willing to have it in core.
Probably the most controversial thing in the v1 plugin from having it in core I’d say is the provider placeholders like cloudflare. I don’t think it’s a huge ask to just let users manage that themselves in their Caddyfile with a snippet or something for the matcher.
Yeah, once we talk provider specific IP whitelists and such it really doesn’t seem worth it, just different syntax over maybe one or two lines fewer. So maybe not a directive. Your pseudo Caddyfile looks good.
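The behaviour discussed in this thread (default to X-Real-IP, else X-Forwarded-For, and honour either only when the connection comes from an authorized proxy range) can be sketched in Go as follows. This is an added example, not part of the thread and not code from the realip plugin or Caddy; the names `ClientIP` and `trusted`, the right-to-left walk over X-Forwarded-For, and the sample addresses (documentation ranges) are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

func trusted(ip netip.Addr, ranges []netip.Prefix) bool { // is ip inside an authorized proxy range?
	for _, p := range ranges {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP honours forwarding headers only when the TCP peer is a trusted proxy.
func ClientIP(remoteAddr string, h http.Header, ranges []netip.Prefix, headers ...string) string {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return remoteAddr
	}
	peer := ap.Addr().Unmap()
	if !trusted(peer, ranges) {
		return peer.String() // direct client: its headers are ignored
	}
	if len(headers) == 0 {
		headers = []string{"X-Real-IP", "X-Forwarded-For"}
	}
	for _, name := range headers {
		parts := strings.Split(strings.Join(h.Values(name), ","), ",")
		for i := len(parts) - 1; i >= 0; i-- { // right to left: proxies append
			ip, err := netip.ParseAddr(strings.TrimSpace(parts[i]))
			if err != nil {
				break // missing or malformed entry: try the next header
			}
			if ip = ip.Unmap(); !trusted(ip, ranges) {
				return ip.String()
			}
		}
	}
	return peer.String()
}

func main() {
	h := http.Header{"X-Forwarded-For": {"198.51.100.7"}} // constructed sample
	fmt.Println(ClientIP("203.0.113.10:443", h, []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")}))
}
```

Walking X-Forwarded-For from the right and skipping trusted hops means entries a client prepended itself are never selected.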