karrots closed this issue 4 years ago
What does the log file of caddy tell you where the connection is coming from? Try to enable logging for caddy if it is not already.
Also for a short while, try to increase the log_level of bitwarden_rs to trace. This should show all the headers received during the request.
I don't think this is a bitwarden_rs issue. You probably need https://caddyserver.com/v1/docs/http.realip.
@jjlin your suggestion would be correct if I were running another proxy in front of Caddy and using Caddy as an HTTP server. I'm using Caddy as a reverse proxy to bitwarden_rs; there is no other proxy in front of Caddy to add the X-Forwarded-For header in.
@BlackDex using trace level I am seeing the X-Real-Ip header with the docker private IP addresses. So it seems the issue is with the docker networking when using docker-compose. I'll have to see if I can find anything on this elsewhere.
Sample from log file.
"X-Real-Ip"=[49, 57, 50, 46, 49, 54, 56, 46, 51, 50, 46, 49]
Fix is to specify host mode for the exposed ports.
https://github.com/moby/moby/issues/25526#issuecomment-463668116
In my docker-compose.yml I did it like this. If you have a newer docker-compose that supports the extended format mentioned in the link above you may not need to specify the host IP.
ports:
- "<HOSTIP>:80:80/tcp"
- "<HOSTIP>:443:443/tcp"
While attempting to validate the fail2ban setup I noticed that real IP addresses are not being shown correctly in the log files. I do have the transparent directive in the Caddyfile for each proxy entry. My config.json specifies X-Forwarded-For and X-Real-IP, both had the same outcome.
Your environment
Steps to reproduce
Setup per instructions at link https://github.com/dani-garcia/bitwarden_rs/wiki/Using-Docker-Compose
Expected behavior
Should show actual client IP addresses as listed in the X-Real-IP or X-Forwarded-For headers.
Actual behavior
Shows internal Docker IP addresses.
Relevant logs
[error][ERROR] Username or password is incorrect. Try again. IP: 192.168.32.1. Username: example@example.com
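
The two log excerpts in this thread can be checked mechanically before relying on fail2ban: the following is an added example, not code from bitwarden_rs or from anyone in the thread. It decodes the byte-array form of the trace-level header dump and flags any logged client IP that falls in an internal range. The regular expressions, the list of internal ranges and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the first two lines copy the excerpts quoted in this
# thread; the third is a made-up line with a documentation-range address.
SAMPLE_LOG = [
    '"X-Real-Ip"=[49, 57, 50, 46, 49, 54, 56, 46, 51, 50, 46, 49]',
    "[error][ERROR] Username or password is incorrect. Try again. "
    "IP: 192.168.32.1. Username: example@example.com",
    "[error][ERROR] Username or password is incorrect. Try again. "
    "IP: 203.0.113.7. Username: example@example.com",
]

# Assumption: these ranges count as "internal" (RFC 1918 plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumed line formats, derived only from the excerpts shown on this page.
HEADER_RE = re.compile(r'"(?:X-Real-Ip|X-Forwarded-For)"=\[([\d,\s]+)\]', re.I)
LOGIN_RE = re.compile(r"IP: ([0-9A-Fa-f:.]+?)\. Username:")

def decode_header_bytes(byte_list):
    """Turn '49, 57, 50, ...' (decimal ASCII codes) back into header text."""
    codes = [int(b) for b in byte_list.split(",") if b.strip()]
    return bytes(codes).decode("ascii", errors="replace")

def extract_ip(line):
    """Return the client IP a log line reports, or None if it has none."""
    m = HEADER_RE.search(line)
    if m:
        # X-Forwarded-For may hold a chain; conventionally the first entry is the client.
        return decode_header_bytes(m.group(1)).split(",")[0].strip()
    m = LOGIN_RE.search(line)
    return m.group(1) if m else None

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr.version == n.version and addr in n for n in INTERNAL_NETS)

def audit(lines):
    """Return (ip, is_internal) for every line that reports a client IP."""
    results = []
    for line in lines:
        try:
            ip = extract_ip(line)
            if ip is not None:
                results.append((ip, is_internal(ip)))
        except ValueError:
            continue  # undecodable byte list or malformed address: skip the line
    return results

if __name__ == "__main__":
    for ip, internal in audit(SAMPLE_LOG):
        print(ip, "INTERNAL: fail2ban would ban the proxy/gateway" if internal else "ok")
```

Any address reported as internal means a ban rule built on that log would act on the Docker gateway rather than on the remote client.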