Configure Caddy to use PROXY protocol for X-Forwarded-For.

2026-05-14 03:01:48 +00:00 · 2025-09-21 14:24:25 +00:00
parent d4f5420875
commit e59699ab1a
2 changed files with 15 additions and 2 deletions
--- a/conf/Caddyfile
+++ b/conf/Caddyfile
@@ -1,3 +1,13 @@
+(proxy) {
+	listener_wrappers {
+		proxy_protocol {
+			timeout 1s
+			allow {$ALLOW_PROXY}
+		}
+		tls
+	}
+}
+
 {
 	persist_config off

@@ -33,11 +43,13 @@
 	servers :80 {
 		name http
 		protocols h1 h2c
+		import proxy
 	}

 	servers :443 {
 		name https
 		protocols h1 h2
+		import proxy
 	}

 	servers {$UDP_BIND_TO:0.0.0.0}:443 {
--- a/fly.toml
+++ b/fly.toml
@@ -18,6 +18,7 @@ memory = 512

 [env]
 UDP_BIND_TO = "fly-global-services"
+ALLOW_PROXY = "172.16.0.0/16"
 AUTOMEMLIMIT = "0.25"

 [[files]]
@@ -27,14 +28,14 @@ secret_name = "GIT_PAGES_CONFIG"
 [[services]]
 internal_port = 80
 protocol = "tcp"
-ports = [{ port = 80 }]
+ports = [{ port = 80, handlers = ["proxy_proto"], proxy_proto_options = { version = "v2" } }]
 auto_stop_machines = "stop"
 auto_start_machines = true

 [[services]]
 internal_port = 443
 protocol = "tcp"
-ports = [{ port = 443 }]
+ports = [{ port = 443, handlers = ["proxy_proto"], proxy_proto_options = { version = "v2" } }]
 auto_stop_machines = "stop"
 auto_start_machines = true