azorius.aria.company

[SOLVED] How to forward real IP from Caddy server?
from kionite231@lemmy.ca to selfhosted@lemmy.world on 16 Apr 15:02
https://lemmy.ca/post/42398188

Hello,

I have hosted azuracast in my minipc and I want to forward the IP of the song requester, right now it’s only taking one IP the “podman container ip” so basically Azuracast thinks that every request is coming from the IP address 10.89.1.1 which is the IP of interface created by podman.

57: podman3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 0e:fa:6d:33:b9:39 brd ff:ff:ff:ff:ff:ff
    inet 10.89.1.1/24 brd 10.89.1.255 scope global podman3
       valid_lft forever preferred_lft forever
    inet6 fe80::b876:abff:fede:c3ef/64 scope link
       valid_lft forever preferred_lft forever

also I am explicitly forwarding the IP using X-Forwarded-Host.

reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-Host {host}
	}

I don’t know how to resolve it, any help would be appreciated :)

Edit: I didn’t had to so any of this stuff, what I should have done is just enabling “reverse proxy” option in Azuracast since Caddy forwards those headers by default unlike nginx. Thank you very much for helping me <3

#selfhosted

threaded - newest

Darkassassin07@lemmy.ca on 16 Apr 15:30 next collapse

X-Forwarded-For

And

X-Real-IP

The application you’re proxying also has to listen to these headers. Some don’t, some need to be told they’re ok to use. (if you enable them, but don’t have a proxy in front, users can spoof their ip using them)

kionite231@lemmy.ca on 16 Apr 16:08 collapse

ok I tried to add those two in my Caddyfile:

ac.ghodawalaaman.duckdns.org {
	reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-Host {host}
		header_up X-Forwarded-For {host}
		header_up X-Real-IP {host}
	}
}

here is the output of a request.

2025/04/16 15:52:17.005	WARN	http.handlers.reverse_proxy	aborting with incomplete response	{"upstream": "localhost:4000", "duration": 0.000995717, "request": {"remote_ip": "103.250.137.61", "remote_port": "19389", "client_ip": "103.250.137.61", "proto": "HTTP/3.0", "method": "GET", "host": "ac.ghodawalaaman.duckdns.org", "uri": "/static/vite_dist/assets/Roboto-Light-DHTugVNA.woff2", "headers": {"User-Agent": ["Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"], "Sec-Fetch-Dest": ["font"], "Accept-Encoding": ["identity"], "Cookie": ["REDACTED"], "Sec-Fetch-Mode": ["cors"], "Accept": ["application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8"], "Accept-Language": ["en-US,en;q=0.5"], "X-Forwarded-For": ["ac.ghodawalaaman.duckdns.org"], "X-Real-Ip": ["ac.ghodawalaaman.duckdns.org"], "Sec-Fetch-Site": ["same-origin"], "Alt-Used": ["ac.ghodawalaaman.duckdns.org"], "X-Forwarded-Host": ["ac.ghodawalaaman.duckdns.org"], "X-Forwarded-Proto": ["https"], "Referer": ["https://ac.ghodawalaaman.duckdns.org/static/vite_dist/assets/Layout-Cv860oWs.css"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h3", "server_name": "ac.ghodawalaaman.duckdns.org"}}, "error": "writing: H3_REQUEST_CANCELLED"}

I also tried this but it didn’t work either:

ac.ghodawalaaman.duckdns.org {
    	log {
    	    output file ./azuracast.log
    	    format json
    	}
	reverse_proxy http://localhost:4000/ {
		header_up X-Forwarded-For {request.remote}
		header_up X-Real-IP {request.remote}
	}
}

here is the azuracast.log: 0x0.st/8fd7.bin

I am still very confused why it’s not working…

Darkassassin07@lemmy.ca on 16 Apr 16:16 collapse

Actually it looks like Caddy is supposed to set those automatically (I’m used to Nginx which doesn’t).

You’ll have to look at why the upstream isn’t accepting them then. I’m not familiar with azuracast.

kionite231@lemmy.ca on 16 Apr 16:21 collapse

You’ll have to look at why the upstream isn’t accepting them then. I’m not familiar with azuracast.

yes you are right, I asked it in Azuracast discord server and they said I have to manually enable “reverse proxy” option.

Thank you so much for helping me <3

skittlebrau@lemmy.world on 17 Apr 00:30 collapse

To be fair, it is confusing and I don’t recall whether the caddy docs mention it. Some applications require you to set a field called ‘trusted proxies’ and others will just work straight away.

irmadlad@lemmy.world on 16 Apr 15:34 collapse

Ok so This is a bit outside my Caddy knowledge base, but I remember reading about the Caddy RealIP module: github.com/captncraig/caddy-realip. Sounds like maybe that would be something to investigate.

ETA: Oops looks like Darkassassin07 has you covered.