kirsch33 / realip Goto Github PK
View Code? Open in Web Editor NEWrealip module for Caddy v2
Home Page: https://github.com/kirsch33/realip
License: MIT License
realip module for Caddy v2
Home Page: https://github.com/kirsch33/realip
License: MIT License
Hi.
I am testing your module. It seems to work but I do not see any logs in the caddy logs. Is it normal? Is it a way to see the actions actually performed by the module?
Thank you.
Laurent
I want to deny access not from cloudflare, such as direct access by hitting ip address.
A server returns 403
When I access to the server with curl, the server returns 500 with this error.
$ curl -kIH "Host: <host name>" https://<server addr>/
HTTP/2 500
server: Caddy
strict-transport-security: max-age=31536000
date: Tue, 22 Dec 2020 07:32:47 GMT
Error reading remote addr: <my ip addr>:56264
realip {
header "X-Forwarded-For"
from cloudflare
maxhops 5
strict true
}
Since Caddy2 does not know where to place this plugin it its order of execution, you have to explicitly tell it. If you don't, Caddy will fail with the error:
... directive 'realip' is not ordered, so it cannot be used here
From Caddy documentation:
You can override/customize this ordering by using the
order
global option or theroute
directive.
It would be very helpful to add this tidbit to the Readme and make some suggestions as to where in the order of things this plugin may be useful. Do it first? or do it before reverse-proxying? It's not clear.
I accidentally upgraded my caddyserver to 2.5.2 and I’m not sure how to downgrade back to 2.4.6 with the model added. Any advice?
v2.0.0 is not being picked up by xcaddy when a new image is created. Build logs and Dockerfile are below.
xcaddy logs
Step 3/11 : RUN xcaddy build --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 --with github.com/greenpau/caddy-security --with github.com/greenpau/caddy-trace --with github.com/porech/caddy-maxmind-geolocation --with github.com/caddy-dns/cloudflare --with github.com/kirsch33/realip
---> Running in 846689b45504
�[91m2022/05/18 06:30:31 [INFO] Temporary folder: /tmp/buildenv_2022-05-18-0630.3388528306
2022/05/18 06:30:31 [INFO] Writing main module: /tmp/buildenv_2022-05-18-0630.3388528306/main.go
package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
// plug in Caddy modules here
_ "github.com/caddyserver/caddy/v2/modules/standard"
_ "github.com/lucaslorentz/caddy-docker-proxy/plugin/v2"
_ "github.com/greenpau/caddy-security"
_ "github.com/greenpau/caddy-trace"
_ "github.com/porech/caddy-maxmind-geolocation"
_ "github.com/caddy-dns/cloudflare"
_ "github.com/kirsch33/realip"
)
...
�[0m�[91m2022/05/18 06:32:41 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -d -v github.com/kirsch33/realip github.com/caddyserver/caddy/[email protected]
�[0m�[91mgo: downloading github.com/kirsch33/realip v1.5.4
�[0m�[91mgo: added github.com/kirsch33/realip v1.5.4
DockerfIle
<html>
<body>
<!--StartFragment-->
ARG CADDY_VERSION=2.5.1
--
|
| FROM caddy:${CADDY_VERSION}-builder AS builder
| #FROM caddy:builder AS builder
|
| RUN xcaddy build \
| --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 \
| --with github.com/greenpau/caddy-security \
| --with github.com/greenpau/caddy-trace \
| --with github.com/porech/caddy-maxmind-geolocation \
| --with github.com/caddy-dns/cloudflare \
| --with github.com/kirsch33/realip
|
| FROM caddy:${CADDY_VERSION}-alpine
| #FROM caddy:builder-alpine
|
| RUN apk add --no-cache tzdata
|
| COPY --from=builder /usr/bin/caddy /usr/bin/caddy
|
| CMD ["caddy", "docker-proxy"]
<!--EndFragment-->
</body>
</html>
For more info, see thread starting from here: https://caddy.community/t/cant-message-users-here-reaching-out-via-thread/11063/26
Just wanted to mention here that this plugin will no longer be needed because of the work done in caddyserver/caddy#5104.
The real client IP will be parsed if trusted_proxies
is configured in global options, and the header it's read from can be configured with client_ip_headers
(defaulting to X-Forwarded-For
). The logs will include it as a new client_ip
field.
Compared to this plugin, this approach doesn't affect req.RemoteAddr
, that's left intact, but any other modules/handlers that might care to get the real client IP can get it from the request context.
Great plugin!
Do you have a plan on how to keep the IP list up to date?
I used a lot of search to find out the usage configuration of the plugin in Caddyfile
Finally found the usage method at the link below
https://github.com/common-creation/caddy-docker/blob/main/etc/sample.Caddyfile
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.