I'm trying to configure a few apps behind Caddy as a reverse proxy for remote access, all running in Docker on my Synology NAS. However, the logs are only displaying the IP address of the Caddy network gateway, instead of the actual client IPs. For instance, with Jellyfin, I've done the following:
- Using a Cloudflare domain with DNS records set to DNS only.
- All apps are reverse proxied by Caddy in the same custom network (e.g., 172.20.0.0/24).
- My Caddyfile uses the container name and port instead of local IP addresses:
```
jellyfin.domain.com {
    reverse_proxy jellyfin:8096
}
```
- I added the Caddy container name, IP address, gateway IP, subnet, and local host IP address in the trusted proxies field in Jellyfin.
- I attempted to send X-Forwarded headers from Caddy with {remote_host} (which gives the Caddy network gateway IP) and {remote_ip} (which gives the Caddy container IP).
- Even when I run a Whoami container, I still get the Docker IP in X-Forwarded-For.
I've exhausted my options here and would appreciate any help!
2 Answers
To pass the real client IP from Caddy to your containers, you need to add proper headers in your reverse proxy configuration. You can modify your Caddyfile like this:
```
jellyfin.domain.com {
    reverse_proxy jellyfin:8096 {
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
    }
}
```
This should help you get the real IPs in the logs instead of the Caddy gateway IP.
If you want to see the actual IPs, make sure to enable the Cloudflare proxy, as that can help with passing the correct headers. You can check if `cf-connecting-ip` is present. Just be cautious, as Jellyfin might not require Cloudflare's proxy features depending on how you want to set it up.
I'd prefer not to enable the proxy since I'm running Jellyfin. Is there a way to get it working without that?
I tried adding those headers, but it still shows the Caddy network gateway IP. Any other suggestions?
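The following is an added example, not part of any post above and not Jellyfin's or Caddy's own code. It models a common right-to-left rule a backend with a trusted-proxies list uses to pick the client address from X-Forwarded-For, and shows that when the proxy's own TCP peer was already the Docker gateway, neither extra headers nor a wider trusted list can recover the original address. The function name, the container addresses 172.20.0.1 and 172.20.0.2 inside the question's example subnet, and the client addresses are constructed assumptions.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the address to log as the client (hypothetical helper).

    Start from the TCP peer and walk X-Forwarded-For right to left, stopping
    at the first hop that is not a trusted proxy. Anything further left was
    supplied by that hop and is not believed.
    """
    trusted = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in trusted)

    if not is_trusted(peer_ip):
        return peer_ip  # header sent by an untrusted peer is ignored
    candidate = peer_ip
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last valid hop
        candidate = hop
        if not is_trusted(hop):
            break
    return candidate

def scenarios():
    """Constructed cases; the backend's TCP peer is the proxy at 172.20.0.2."""
    proxy = "172.20.0.2"
    return {
        # Docker rewrote the source: the proxy only ever saw the gateway.
        "nat_narrow_trust": resolve_client_ip(proxy, "172.20.0.1", [proxy]),
        "nat_wide_trust": resolve_client_ip(proxy, "172.20.0.1", ["172.20.0.0/24"]),
        # Source address preserved on the way in to the proxy.
        "preserved": resolve_client_ip(proxy, "203.0.113.7", ["172.20.0.0/24"]),
        # Client-supplied entry on the left is not believed.
        "spoofed_left": resolve_client_ip(proxy, "198.51.100.9, 203.0.113.7", [proxy]),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:18} -> {ip}")
```

Both NAT cases resolve to 172.20.0.1, so the place to check is what address the proxy container itself sees on incoming connections, before any header handling.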