From dc49aba0393f76d1a19af205e95eefebd472f0eb Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon <igabaldon@inetol.net>
Date: Thu, 12 Jun 2025 15:39:53 +0200
Subject: [PATCH] [mod] caddy: trusted proxies support

Early preparation for https://github.com/searxng/searxng/pull/4911
---
 Caddyfile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index 655b7b4b..15f1489a 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -18,6 +18,15 @@
 			}
 		}
 	}
+
+	servers {
+		client_ip_headers X-Forwarded-For X-Real-IP
+
+		# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
+		# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
+		trusted_proxies static private_ranges
+		trusted_proxies_strict
+	}
 }
 
 {$SEARXNG_HOSTNAME}
@@ -81,11 +90,8 @@ route {
 	header @static Cache-Control "max-age=31536000, public, immutable"
 }
 
-# SearXNG (uWSGI)
+# SearXNG
 reverse_proxy localhost:8080 {
-	header_up X-Forwarded-Port {http.request.port}
-	header_up X-Real-IP {http.request.remote.host}
-
 	# https://github.com/searx/searx-docker/issues/24
 	header_up Connection "close"
 }