refactor: [#272] Set X-Forwarded-For header only for HTTP trackers

josecelano · josecelano · commit 28336e088012 · 2026-01-20T15:25:55.000Z
The X-Forwarded-For header is critical only for HTTP trackers where the
tracker needs the real client IP to record correct peer addresses in
the swarm. Other services (API, health check, Grafana) don't require
explicit header configuration as Caddy's default forwarding is sufficient.

This change:
- Keeps explicit header_up X-Forwarded-For {remote_host} for HTTP trackers
- Removes explicit header for API, health check, and Grafana endpoints
- Updates header comment to clarify it's for HTTP trackers specifically
diff --git a/templates/caddy/Caddyfile.tera b/templates/caddy/Caddyfile.tera
@@ -4,12 +4,12 @@
 # This template generates a Caddyfile based on which services have TLS configured.
 # Services without TLS configuration will not have entries here (they remain HTTP-only).
 #
-# Header Forwarding:
+# Header Forwarding for HTTP Trackers:
 # Caddy sets X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host by default.
-# We explicitly set X-Forwarded-For to ensure this behavior is maintained even if
-# Caddy's defaults change in future versions. The tracker requires X-Forwarded-For
-# when running behind a reverse proxy (on_reverse_proxy: true) to correctly identify
-# the original client IP address for peer tracking.
+# We explicitly set X-Forwarded-For for HTTP trackers to ensure this behavior is
+# maintained even if Caddy's defaults change in future versions. The tracker requires
+# X-Forwarded-For when running behind a reverse proxy (on_reverse_proxy: true) to
+# correctly identify the original client IP address for peer tracking.
 
 # Global options
 {
@@ -25,10 +25,7 @@
 
 # Tracker REST API
 {{ tracker_api.domain }} {
-	reverse_proxy tracker:{{ tracker_api.port }} {
-		# Explicitly forward client IP - required for tracker's on_reverse_proxy mode
-		header_up X-Forwarded-For {remote_host}
-	}
+	reverse_proxy tracker:{{ tracker_api.port }}
 }
 {%- endif %}
 {%- for http_tracker in http_trackers %}
@@ -46,17 +43,13 @@
 
 # Health Check API
 {{ health_check_api.domain }} {
-	reverse_proxy tracker:{{ health_check_api.port }} {
-		header_up X-Forwarded-For {remote_host}
-	}
+	reverse_proxy tracker:{{ health_check_api.port }}
 }
 {%- endif %}
 {%- if grafana %}
 
 # Grafana UI with WebSocket support
 {{ grafana.domain }} {
-	reverse_proxy grafana:3000 {
-		header_up X-Forwarded-For {remote_host}
-	}
+	reverse_proxy grafana:3000
 }
 {%- endif %}
