Context: I am deploying a reverse proxy (Caddy) which handles TLS termination, and I am doing TCP pass-through. My fly.toml looks like this:
internal_port = 443
protocol = "tcp"
port = "443"
How do I get the “Fly-Client-IP” header without using the “Http” and “Proxy_proto” handlers? I need to be able to get the users’ IP address.
Any help would be appreciated as I’ve been on this for days now.
PS: It is important that I terminate the SSL with Caddy.
With TCP pass-through, you’d get the forwarded packets delivered to your app. You’d need to use the proxy_proto handler to get the client IPs.
TCP Pass Through
If you don’t specify handlers, we just forward TCP to your application as is. This is useful if you want to handle TLS termination yourself, for example.
(In this context, as-is means “from fly-proxy”.)
What’s your use-case for terminating TLS without the proxy_proto handler? You might find this thread useful if you need more information about our internal network.
Thanks, @eli for the quick feedback.
I’m getting an error “ERR_CONNECTION_CLOSED” when using the “proxy_proto” handler.
Error: while TCP-proxying data to/from app: failed to copy (direction=server->client, error=Connection reset by peer (os error 104))
Caddy is dropping the connection. I don’t think it natively supports proxy protocol, but this plugin might help: GitHub - mastercactapus/caddy2-proxyprotocol
With Caddy, try one of these non-standard proxy_proto listener modules (1, 2), if you aren’t already. Make sure to configure the module for either v1 or v2 as approp (Fly supports both: tls + proxy_protocol How to set HTTP/2 ALPN? - #14 by jerome).
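What the proxy_proto handler changes on the wire, as an added example (not code from this thread, Fly or Caddy): a PROXY protocol v1 or v2 header carrying the client address arrives before the TLS ClientHello, so a listener that does not strip it sees non-TLS bytes first. The sample bytes and addresses below are constructed.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def parse_proxy_header(data: bytes):
    """Return (version, client_ip, client_port, offset_of_first_app_byte).

    Raises ValueError when the bytes do not start with a PROXY header.
    """
    if data.startswith(b"PROXY "):                      # v1: one ASCII line
        end = data.find(b"\r\n", 0, 107)                # v1 line is at most 107 bytes
        if end < 0:
            raise ValueError("unterminated v1 header")
        parts = data[:end].decode("ascii").split(" ")
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("unsupported v1 header")
        return 1, str(ipaddress.ip_address(parts[2])), int(parts[4]), end + 2
    if data.startswith(V2_SIG) and len(data) >= 16:     # v2: binary header
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        body = data[16:16 + length]
        if ver_cmd != 0x21 or len(body) < length:       # version 2, command PROXY
            raise ValueError("unsupported or truncated v2 header")
        if fam == 0x11 and length >= 12:                # TCP over IPv4
            ip, port = ipaddress.IPv4Address(body[:4]), body[8:10]
        elif fam == 0x21 and length >= 36:              # TCP over IPv6
            ip, port = ipaddress.IPv6Address(body[:16]), body[32:34]
        else:
            raise ValueError("unsupported v2 address family")
        return 2, str(ip), int.from_bytes(port, "big"), 16 + length
    raise ValueError("no PROXY header")

def looks_like_tls(data: bytes) -> bool:
    """True when the first byte is a TLS handshake record (type 0x16)."""
    return data[:1] == b"\x16"

# Constructed samples: documentation addresses and a fake, truncated ClientHello.
TLS_START = b"\x16\x03\x01\x00\x05hello"
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 10.0.0.2 51234 443\r\n" + TLS_START
SAMPLE_V2 = (V2_SIG + b"\x21\x11" + struct.pack("!H", 12)
             + ipaddress.IPv4Address("203.0.113.7").packed
             + ipaddress.IPv4Address("10.0.0.2").packed
             + struct.pack("!HH", 51234, 443) + TLS_START)

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2):
        ver, ip, port, off = parse_proxy_header(sample)
        print(f"v{ver} client={ip}:{port} tls_first={looks_like_tls(sample)} "
              f"tls_after_header={looks_like_tls(sample[off:])}")
```

The PROXY header is unauthenticated, so a listener should accept it only on connections that come from the fronting proxy; anything else that can reach the port could claim an arbitrary client address.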
@kurt, @ignoramous. Thank you for pointing this out, I will give it a go now
@kurt, @ignoramous. It works perfectly! Thank you for your kind support.
@mankind I’m having a similar issue. Are you able to share your caddy file and fly file? Also, how are you setting x-forwarded-for to be fly-client-IP?