Change default Authentik snippet to only modify X-Real-IP and X-Forwarded-Port headers

Caddy passes through and sets other headers automatically
Only use Cloudflare connecting IP header when request is coming from cloudflare

caddy/config/Caddyfile

@@ -78,9 +78,17 @@
 	{args[0]}.tremendousturtle.tools {
 		import ttt-log {args[0]}
 		import tls
-		reverse_proxy authentik-app-1:9000 {
+		@not_cf header !CF-Connecting-IP
+		@cf header CF-Connecting-IP *
+
+		reverse_proxy @not_cf authentik-app-1:9000 {
+			header_up X-Real-IP {remote_host}
+			header_up X-Forwarded-Port {server_port}
+		}
+
+		reverse_proxy @cf authentik-app-1:9000 {
 			header_up X-Real-IP {http.request.header.CF-Connecting-IP}
-			header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+			header_up X-Forwarded-Port {server_port}
 		}
 	}
 }