kirsch33 / realip Goto Github PK

View Code? Open in Web Editor NEW

43.0 43.0 4.0 71 KB

realip module for Caddy v2

Home Page: https://github.com/kirsch33/realip

License: MIT License

Go 100.00%

realip's People

Contributors

Stargazers

Watchers

Forkers

linetrimmer ttys3 shift72

realip's Issues

Logs?

Hi.
I am testing your module. It seems to work but I do not see any logs in the caddy logs. Is it normal? Is it a way to see the actions actually performed by the module?
Thank you.
Laurent

Direct access to server with strict option returns a 500 error: Error reading remote addr

I want to deny access not from cloudflare, such as direct access by hitting ip address.

Expected behavior

A server returns 403

Actual behavior

When I access to the server with curl, the server returns 500 with this error.

$ curl -kIH "Host: <host name>" https://<server addr>/
HTTP/2 500
server: Caddy
strict-transport-security: max-age=31536000
date: Tue, 22 Dec 2020 07:32:47 GMT

Error reading remote addr: <my ip addr>:56264

Configuration

realip {
  header "X-Forwarded-For"
  from cloudflare
  maxhops 5
  strict true
}

Add a note about the necessary 'order' option

Since Caddy2 does not know where to place this plugin it its order of execution, you have to explicitly tell it. If you don't, Caddy will fail with the error:

... directive 'realip' is not ordered, so it cannot be used here

From Caddy documentation:

You can override/customize this ordering by using the order global option or the route directive.

It would be very helpful to add this tidbit to the Readme and make some suggestions as to where in the order of things this plugin may be useful. Do it first? or do it before reverse-proxying? It's not clear.

How can I downgrade CaddyServer

I accidentally upgraded my caddyserver to 2.5.2 and I’m not sure how to downgrade back to 2.4.6 with the model added. Any advice?

xcaddy not picking up v2.0.0

v2.0.0 is not being picked up by xcaddy when a new image is created. Build logs and Dockerfile are below.

xcaddy logs

Step 3/11 : RUN xcaddy build     --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2     --with github.com/greenpau/caddy-security     --with github.com/greenpau/caddy-trace     --with github.com/porech/caddy-maxmind-geolocation     --with github.com/caddy-dns/cloudflare     --with github.com/kirsch33/realip
 ---> Running in 846689b45504
�[91m2022/05/18 06:30:31 [INFO] Temporary folder: /tmp/buildenv_2022-05-18-0630.3388528306
2022/05/18 06:30:31 [INFO] Writing main module: /tmp/buildenv_2022-05-18-0630.3388528306/main.go
package main

import (
	caddycmd "github.com/caddyserver/caddy/v2/cmd"

	// plug in Caddy modules here
	_ "github.com/caddyserver/caddy/v2/modules/standard"
	_ "github.com/lucaslorentz/caddy-docker-proxy/plugin/v2"
	_ "github.com/greenpau/caddy-security"
	_ "github.com/greenpau/caddy-trace"
	_ "github.com/porech/caddy-maxmind-geolocation"
	_ "github.com/caddy-dns/cloudflare"
	_ "github.com/kirsch33/realip"
)
...
�[0m�[91m2022/05/18 06:32:41 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -d -v github.com/kirsch33/realip github.com/caddyserver/caddy/[email protected] 
�[0m�[91mgo: downloading github.com/kirsch33/realip v1.5.4
�[0m�[91mgo: added github.com/kirsch33/realip v1.5.4

DockerfIle

<html>
<body>
<!--StartFragment-->

ARG CADDY_VERSION=2.5.1
--
  |  
  | FROM caddy:${CADDY_VERSION}-builder AS builder
  | #FROM caddy:builder AS builder
  |  
  | RUN xcaddy build \
  | --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 \
  | --with github.com/greenpau/caddy-security \
  | --with github.com/greenpau/caddy-trace \
  | --with github.com/porech/caddy-maxmind-geolocation \
  | --with github.com/caddy-dns/cloudflare \
  | --with github.com/kirsch33/realip
  |  
  | FROM caddy:${CADDY_VERSION}-alpine
  | #FROM caddy:builder-alpine
  |  
  | RUN apk add --no-cache tzdata
  |  
  | COPY --from=builder /usr/bin/caddy /usr/bin/caddy
  |  
  | CMD ["caddy", "docker-proxy"]

<!--EndFragment-->
</body>
</html>

realip doesn't set the RemoteAddr correctly within basicauth

For more info, see thread starting from here: https://caddy.community/t/cant-message-users-here-reaching-out-via-thread/11063/26

This plugin will no longer be needed in Caddy v2.7.0

Just wanted to mention here that this plugin will no longer be needed because of the work done in caddyserver/caddy#5104.

The real client IP will be parsed if trusted_proxies is configured in global options, and the header it's read from can be configured with client_ip_headers (defaulting to X-Forwarded-For). The logs will include it as a new client_ip field.

Compared to this plugin, this approach doesn't affect req.RemoteAddr, that's left intact, but any other modules/handlers that might care to get the real client IP can get it from the request context.

Periodically update list of Cloudflare IPs

Great plugin!

Do you have a plan on how to keep the IP list up to date?

Please update document

I used a lot of search to find out the usage configuration of the plugin in Caddyfile
Finally found the usage method at the link below
https://github.com/common-creation/caddy-docker/blob/main/etc/sample.Caddyfile