Hi,
I have a problem with the logging of the IP address.
In the logs (and also in the login notification emails) only the local IP address of the Docker container appears instead of the IP address of the device used for login.
For the configuration I used the examples from the wiki.
docker-compose.yml:
version: '3'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
- WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
- SIGNUPS_ALLOWED=false
- INVITATIONS_ALLOWED=false
- DOMAIN=https://sub.domain.tld
- LOG_FILE=/Data/vaultwarden.log
- LOG_LEVEL=warn
- EXTENDED_LOGGING=true
volumes:
- ./vw-data:/data
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
- 80:80 # Needed for the ACME HTTP-01 challenge.
- 443:443
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- ./caddy-config:/config
- ./caddy-data:/data
environment:
- DOMAIN=https://sub.domain.tld # Your domain, prefixed with http or https.
- EMAIL=myemail@domain.tld # The email address to use for ACME registration.
- LOG_FILE=/data/access.log
My Caddyfile:
sub.domain.tld:443 {
log {
level INFO
output file {$LOG_FILE} {
roll_size 10MB
roll_keep 10
}
}
# Use the ACME HTTP-01 challenge to get a cert for the configured domain.
tls myemail@domain.tld
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Notifications redirected to the WebSocket server
reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket
reverse_proxy vaultwarden:80 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
}
Partial output of docker logs vaultwarden
:
Error: Username or password is incorrect. Try again. IP: 172.31.0.1. Username: wrongemail@domain.tld.
Where am I making a mistake?
Thank you for your answers