Client IP not logging correctly in logs #636

Closed
opened 2026-02-04 21:58:36 +03:00 by OVERLORD · 5 comments

Originally created by @karrots on GitHub (Mar 4, 2020).

While attempting to validate the fail2ban setup I noticed that real IP addresses are not being shown correctly in the log files. I do have the `transparent` directive in the `Caddyfile` for each proxy entry. My `config.json` specifies `X-Forwarded-For` and `X-Real-IP`; both had the same outcome.

Your environment

  • Bitwarden_rs version: 1.13.1
  • Install method: Official Docker Image with docker-compose
  • Clients used: any
  • Reverse proxy and version: Caddy v1.0.3
  • Version of mysql/postgresql: sqlite3
  • Other relevant information:

Steps to reproduce

Set up per instructions at link https://github.com/dani-garcia/bitwarden_rs/wiki/Using-Docker-Compose

Expected behavior

Should show actual client IP addresses as listed in the `X-Real-IP` or `X-Forwarded-For` headers.

Actual behavior

Shows internal Docker IP addresses.

Relevant logs

`[error][ERROR] Username or password is incorrect. Try again. IP: 192.168.32.1. Username: example@example.com`


@BlackDex commented on GitHub (Mar 5, 2020):

What does the log file of caddy tell you about where the connection is coming from? Try to enable logging for caddy if it is not already.


@BlackDex commented on GitHub (Mar 5, 2020):

Also for a short while, try to increase the log_level of bitwarden_rs to trace. This should show all the headers received during the request.


@jjlin commented on GitHub (Mar 5, 2020):

I don't think this is a bitwarden_rs issue. You probably need https://caddyserver.com/v1/docs/http.realip.


@karrots commented on GitHub (Mar 5, 2020):

@jjlin your suggestion would be correct if I were running another proxy in front of Caddy and using Caddy as an HTTP server. I'm using Caddy as a reverse proxy to bitwarden_rs; there is no other proxy in front of Caddy to add the `X-Forwarded-For` header in.

@BlackDex using trace level I am seeing the X-Real-Ip header with the docker private IP addresses. So it seems the issue is with the docker networking when using docker-compose. I'll have to see if I can find anything on this elsewhere.

Sample from log file.
`"X-Real-Ip"=[49, 57, 50, 46, 49, 54, 56, 46, 51, 50, 46, 49]`
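
Added example, not part of any comment in this thread and not bitwarden_rs code: a small log audit that decodes the trace-level header dump quoted above (the list is the header value as ASCII byte values) and flags failed-login lines whose recorded client address is an internal one. The sample lines are constructed from the two excerpts in this issue; the function names and the `203.0.113.7` address are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lines, modelled on the two log excerpts quoted in this thread.
SAMPLE_LOG = '''\
[error][ERROR] Username or password is incorrect. Try again. IP: 192.168.32.1. Username: example@example.com
"X-Real-Ip"=[49, 57, 50, 46, 49, 54, 56, 46, 51, 50, 46, 49]
[error][ERROR] Username or password is incorrect. Try again. IP: 203.0.113.7. Username: example@example.com
'''

LOGIN_RE = re.compile(r"Username or password is incorrect\. Try again\. IP: (\S+?)\. Username:")
HEADER_RE = re.compile(r'"(X-Real-Ip|X-Forwarded-For)"=\[([\d,\s]*)\]', re.IGNORECASE)
# RFC 1918, loopback and link-local ranges: never a real remote client.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def decode_header_bytes(byte_list: str) -> str:
    """Turn the trace dump '49, 57, 50, ...' back into the header text."""
    values = [int(v) for v in byte_list.split(",") if v.strip()]
    return bytes(v for v in values if v < 256).decode("ascii", errors="replace")


def is_internal(addr: str) -> bool:
    """True when addr falls in a range that cannot be the remote client."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # not an IP at all; leave it for manual review
    return any(ip in net for net in INTERNAL_NETS)


def audit(log_text: str):
    """Return (line number, source, address) for every internal client address."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOGIN_RE.search(line)
        if m and is_internal(m.group(1)):
            findings.append((n, "failed-login", m.group(1)))
        h = HEADER_RE.search(line)
        if h:  # X-Forwarded-For may carry a list; the first entry is the client
            client = decode_header_bytes(h.group(2)).split(",")[0].strip()
            if is_internal(client):
                findings.append((n, h.group(1), client))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any finding means a fail2ban filter keyed on the failed-login line would act on the Docker gateway address rather than on the offending client.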


@karrots commented on GitHub (Mar 5, 2020):

Fix is to specify host mode for the exposed ports.

https://github.com/moby/moby/issues/25526#issuecomment-463668116

In my `docker-compose.yml` I did it like this. If you have a newer docker-compose that supports the extended format mentioned in the link above you may not need to specify the host IP.

    ports:
      - "<HOSTIP>:80:80/tcp"
      - "<HOSTIP>:443:443/tcp"

Reference: starred/vaultwarden#636