-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Caddy as reverse proxy returns Docker net IP #42
Comments
Seems I'm having the same issue with LetsEncrypt and Traefik. From what I can tell, the request handler is using "r.RemoteAddr" which is not looking at the actual forwarded headers. It should look for X-Forwarded-For This makes it kind of difficult to run behind a reverse proxy, unless I'm missing something here. There do seem to be a few methods for accomplishing this with Go. |
I'm running docker-ddns behind Caddy as well, there's nothing special:
Since docker-ddns does not use the REMOTE_ADDR request header but you have to pass you address manually (see the Hope this helps. I don't know why in your case it takes the Docker network's IP address when the addr query param is empty but I didn't work with the code base for a longer time and I'm short in time so I cannot check right now. |
Thanks for your reply! I do understand that the IP can be defined in the request manually, it does read the IP if you leave the addr= empty. If I run this without a reverse proxy, it works fine. Similar issue here: After some research into this, it seems that RemoteAddr only looks at the "last hop", which is going to be whatever the docker net IP of Caddy is. https://husobee.github.io/golang/ip-address/2015/12/17/remote-ip-go.html It does appear that "request_handler.go" is using RemoteAddr on line 56:
I'm using this to manage a number of edge computing devices as part of a larger project, so the ability to remotely detect and update the A record for each FQDN is fantastic. I could request the IP a dozen other ways and simply add it to the curl, but that's no fun. :) I may sit down this weekend and brush up on some Go. If I something put together to read the "X-Forwarded-For", "X-Real-Ip" headers I'll submit a PR. |
This does not need any code change. You can just pass the value in the right place on your reverse proxy.
The idea is that you can take out the header you are interested in at the proxy level and append it to the query string. |
I have placed docker-ddns behind a Caddy reverse proxy, but it appears any requests are showing from the docker container IP. Examples:
ddns-sweet | 2019/12/23 20:04:39 A record update request: bar -> 172.18.0.3 caddy-gen | caddy.1 | <public_ip> - - [23/Dec/2019:20:04:39 +0000] "GET /update?secret=<secret_key>&domain=bar&addr= HTTP/2.0" 200 144
I'm not sure exactly how to pass the correct public IP through Caddy to docker-ddns. It seems Caddy is seeing the correct IP, but the actualy GET is coming into docker-ddns from Caddy, so this is the IP it's taking.
The text was updated successfully, but these errors were encountered: