chris/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change default Authentik snippet to only modify X-Real-IP and X-Forwarded-Port headers

Browse Source 
Caddy passes through and sets other headers automatically
Only use Cloudflare connecting IP header when request is coming from cloudflare
This commit is contained in:
Chris King
2025-02-16 01:16:36 -08:00
parent d2810af09f
commit 79aa347f6a
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
caddy/config/Caddyfile
View File

@@ -78,9 +78,17 @@
{args[0]}.tremendousturtle.tools { {args[0]}.tremendousturtle.tools {
import ttt-log {args[0]} import ttt-log {args[0]}
import tls import tls
reverse_proxy authentik-app-1:9000 { @not_cf header !CF-Connecting-IP
@cf header CF-Connecting-IP *
reverse_proxy @not_cf authentik-app-1:9000 {
header_up X-Real-IP {remote_host}
header_up X-Forwarded-Port {server_port}
}
reverse_proxy @cf authentik-app-1:9000 {
header_up X-Real-IP {http.request.header.CF-Connecting-IP} header_up X-Real-IP {http.request.header.CF-Connecting-IP}
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP} header_up X-Forwarded-Port {server_port}
} }
} }
} }