Zoneminder only sees Caddy's IP

it101 · November 30, 2018, 2:29pm

I am setting up a new install of Zoneminder so I can see my security cameras without having to log into my network. Right now everything is internal until I can setup fail2ban and ufw on my ZM (ZoneMinder) server. I have fail2ban working if you access ZM directly but if you go through Caddy, all it sees is Caddy’s IP.

I have tried using a few different settings in my caddyfile right now I have:

https://zm.thomastech.us {
  gzip
  header / {
    Strict-Transport-Security "max-age=31536000;"
    Referrer-Policy "no-referrer"
  }
  tls /srv/thomastech.us.crt /srv/thomastech.us.key
  proxy / https://tt-zoneminder.thomastech.us/ {
    insecure_skip_verify
    transparent
    websocket
  }
}

I have also tried explicitly setting the header_upstream values instead of using “transparent” and nothing changes. Is this a setting I need to find in ZM/apache2 on my ZM server or am I missing something with caddy? I remember having this issue with my Home Assistant server and had to set a switch in that server’s config so it knew to “use_x_forwarded_for” is there something for apache2 like that?

Thanks for the help.

it101 · November 30, 2018, 5:10pm

It was in the apache2 config.
I had to enable the apache2 remoteip mod.
Then create the remoteip.conf file to set the RemoteIPHeader and RemoteIPInternalProxy
Then edit my apache2 config file to log the correct IP
Then enable the remoteip conf
Finally test the apache2 config and restart it.

Its working now and Fail2Ban can see the correct IP

system · February 28, 2019, 5:10pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.