feat: [#272] Explicitly set X-Forwarded-For header in Caddy reverse proxy

josecelano · josecelano · commit e464aca65930 · 2026-01-20T14:21:44.000Z
Add explicit header_up X-Forwarded-For configuration to Caddyfile.tera
instead of relying on Caddy's default behavior.

Rationale:
- While Caddy sets X-Forwarded-For by default, we explicitly configure
  it to guard against future changes in Caddy's default behavior
- This header is critical for the tracker's on_reverse_proxy mode to
  correctly identify client IPs for peer tracking in BitTorrent swarms
- Explicit configuration makes the intent clear and self-documenting

The X-Forwarded-For header is required by the tracker when running
behind a reverse proxy to record the correct peer IP addresses.
diff --git a/templates/caddy/Caddyfile.tera b/templates/caddy/Caddyfile.tera
@@ -3,6 +3,13 @@
 #
 # This template generates a Caddyfile based on which services have TLS configured.
 # Services without TLS configuration will not have entries here (they remain HTTP-only).
+#
+# Header Forwarding:
+# Caddy sets X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host by default.
+# We explicitly set X-Forwarded-For to ensure this behavior is maintained even if
+# Caddy's defaults change in future versions. The tracker requires X-Forwarded-For
+# when running behind a reverse proxy (on_reverse_proxy: true) to correctly identify
+# the original client IP address for peer tracking.
 
 # Global options
 {
@@ -18,27 +25,38 @@
 
 # Tracker REST API
 {{ tracker_api.domain }} {
-	reverse_proxy tracker:{{ tracker_api.port }}
+	reverse_proxy tracker:{{ tracker_api.port }} {
+		# Explicitly forward client IP - required for tracker's on_reverse_proxy mode
+		header_up X-Forwarded-For {remote_host}
+	}
 }
 {%- endif %}
 {%- for http_tracker in http_trackers %}
 
 # HTTP Tracker {{ loop.index }}
 {{ http_tracker.domain }} {
-	reverse_proxy tracker:{{ http_tracker.port }}
+	reverse_proxy tracker:{{ http_tracker.port }} {
+		# Explicitly forward client IP - critical for peer tracking accuracy
+		# The tracker uses this to record the correct peer IP in the swarm
+		header_up X-Forwarded-For {remote_host}
+	}
 }
 {%- endfor %}
 {%- if health_check_api %}
 
 # Health Check API
 {{ health_check_api.domain }} {
-	reverse_proxy tracker:{{ health_check_api.port }}
+	reverse_proxy tracker:{{ health_check_api.port }} {
+		header_up X-Forwarded-For {remote_host}
+	}
 }
 {%- endif %}
 {%- if grafana %}
 
 # Grafana UI with WebSocket support
 {{ grafana.domain }} {
-	reverse_proxy grafana:3000
+	reverse_proxy grafana:3000 {
+		header_up X-Forwarded-For {remote_host}
+	}
 }
 {%- endif %}
