Configuring Caddy with the Fly proxy as a trusted proxy along with passing the client IP

With the 2.7.3 release of Caddy this last week we get a new feature that helps us pass a more secure client IP to Caddy through the custom header that Fly uses. This change was merged at the end of March but is now available in a major release.

Specifically this means that the client IP Fly proxy sets as the Fly-Client-IP header can be passed to Caddy, as opposed to using the default X-Forwarded-For header. With the following configuration options, Caddy assigns the client IP from Fly-Client-IP to a new client_ip field. My understanding is that the Fly-Client-IP is more secure because it’s not as easily forged as X-Forwarded-For. Before there was only a remote_ip field which would confuse the difference between proxy and client IP.

  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "trusted_proxies": {
            "source": "static",
            "ranges": [
          "client_ip_headers": [

I believe this is the right trusted proxy range but please do correct me if I’m wrong about that… or anything else I might be misunderstanding about for that matter.

Some relevant resources:

1 Like