this post was submitted on 16 Apr 2025

19 points (95.2% liked)

Selfhosted

46304 readers

607 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

[SOLVED] How to forward real IP from Caddy server? (lemmy.ca)

submitted 1 week ago* (last edited 1 week ago) by kionite231@lemmy.ca to c/selfhosted@lemmy.world

6 comments fedilink hide all child comments

Hello,

I have hosted azuracast in my minipc and I want to forward the IP of the song requester, right now it's only taking one IP the "podman container ip" so basically Azuracast thinks that every request is coming from the IP address 10.89.1.1 which is the IP of interface created by podman.

57: podman3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 0e:fa:6d:33:b9:39 brd ff:ff:ff:ff:ff:ff
    inet 10.89.1.1/24 brd 10.89.1.255 scope global podman3
       valid_lft forever preferred_lft forever
    inet6 fe80::b876:abff:fede:c3ef/64 scope link
       valid_lft forever preferred_lft forever

also I am explicitly forwarding the IP using X-Forwarded-Host.

reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-Host {host}
	}

I don't know how to resolve it, any help would be appreciated :)

Edit: I didn't had to so any of this stuff, what I should have done is just enabling "reverse proxy" option in Azuracast since Caddy forwards those headers by default unlike nginx. Thank you very much for helping me <3

top 6 comments

sorted by: hot top controversial new old

[–] Darkassassin07@lemmy.ca 9 points 1 week ago* (last edited 1 week ago) (1 children)

X-Forwarded-For

And

X-Real-IP

The application you're proxying also has to listen to these headers. Some don't, some need to be told they're ok to use. (if you enable them, but don't have a proxy in front, users can spoof their ip using them)

[–] kionite231@lemmy.ca 1 points 1 week ago (1 children)

ok I tried to add those two in my Caddyfile:

ac.ghodawalaaman.duckdns.org {
	reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-Host {host}
		header_up X-Forwarded-For {host}
		header_up X-Real-IP {host}
	}
}

here is the output of a request.

2025/04/16 15:52:17.005	WARN	http.handlers.reverse_proxy	aborting with incomplete response	{"upstream": "localhost:4000", "duration": 0.000995717, "request": {"remote_ip": "103.250.137.61", "remote_port": "19389", "client_ip": "103.250.137.61", "proto": "HTTP/3.0", "method": "GET", "host": "ac.ghodawalaaman.duckdns.org", "uri": "/static/vite_dist/assets/Roboto-Light-DHTugVNA.woff2", "headers": {"User-Agent": ["Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"], "Sec-Fetch-Dest": ["font"], "Accept-Encoding": ["identity"], "Cookie": ["REDACTED"], "Sec-Fetch-Mode": ["cors"], "Accept": ["application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8"], "Accept-Language": ["en-US,en;q=0.5"], "X-Forwarded-For": ["ac.ghodawalaaman.duckdns.org"], "X-Real-Ip": ["ac.ghodawalaaman.duckdns.org"], "Sec-Fetch-Site": ["same-origin"], "Alt-Used": ["ac.ghodawalaaman.duckdns.org"], "X-Forwarded-Host": ["ac.ghodawalaaman.duckdns.org"], "X-Forwarded-Proto": ["https"], "Referer": ["https://ac.ghodawalaaman.duckdns.org/static/vite_dist/assets/Layout-Cv860oWs.css"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h3", "server_name": "ac.ghodawalaaman.duckdns.org"}}, "error": "writing: H3_REQUEST_CANCELLED"}

I also tried this but it didn't work either:

ac.ghodawalaaman.duckdns.org {
    	log {
    	    output file ./azuracast.log
    	    format json
    	}
	reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-For {request.remote}
		header_up X-Real-IP {request.remote}
	}
}

here is the azuracast.log: https://0x0.st/8fd7.bin

I am still very confused why it's not working...

[–] Darkassassin07@lemmy.ca 3 points 1 week ago* (last edited 1 week ago) (1 children)

Actually it looks like Caddy is supposed to set those automatically (I'm used to Nginx which doesn't).

You'll have to look at why the upstream isn't accepting them then. I'm not familiar with azuracast.

[–] kionite231@lemmy.ca 4 points 1 week ago (1 children)

You’ll have to look at why the upstream isn’t accepting them then. I’m not familiar with azuracast.

yes you are right, I asked it in Azuracast discord server and they said I have to manually enable "reverse proxy" option.

Thank you so much for helping me <3

[–] skittlebrau@lemmy.world 1 points 1 week ago

To be fair, it is confusing and I don’t recall whether the caddy docs mention it. Some applications require you to set a field called ‘trusted proxies’ and others will just work straight away.

[–] irmadlad@lemmy.world 1 points 1 week ago* (last edited 1 week ago)

Ok so This is a bit outside my Caddy knowledge base, but I remember reading about the Caddy RealIP module: https://github.com/captncraig/caddy-realip. Sounds like maybe that would be something to investigate.

ETA: Oops looks like Darkassassin07 has you covered.