fix: https is ignored with proxy is enabled

When ENABLE_WEB_PROXY=false, Caddy was overriding the X-Forwarded-* headers. This is a change that was introduced in 2.5.0. We upgrade to 2.6.3 to use the new global "trusted_proxies" directive. https://github.com/caddyserver/caddy/releases/tag/v2.6.3 https://github.com/caddyserver/caddy/releases/tag/v2.5.0
2025-01-05 15:12:10 +00:00 · 2023-02-09 20:30:31 +01:00 · 2023-02-09 20:30:31 +01:00 · 2381be6921
commit 2381be6921
parent bda4e0a71c
2 changed files with 10 additions and 1 deletions
--- a/tutor/templates/apps/caddy/Caddyfile
+++ b/tutor/templates/apps/caddy/Caddyfile
@ -1,5 +1,14 @@
 # Global configuration
 {
+
+    {% if not ENABLE_WEB_PROXY %}
+    # Enable proxying from all servers by default. Otherwise, X-Forwarded-* headers will
+    # be overwritten.
+    # https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#defaults
+    servers {
+        trusted_proxies static 0.0.0.0/0 ::/0
+    }
+    {% endif %}
    {{ patch("caddyfile-global")|indent(4) }}
 }

--- a/tutor/templates/config/defaults.yml
+++ b/tutor/templates/config/defaults.yml
@ -12,7 +12,7 @@ DOCKER_COMPOSE_VERSION: "3.7"
 DOCKER_REGISTRY: "docker.io/"
 DOCKER_IMAGE_OPENEDX: "{{ DOCKER_REGISTRY }}overhangio/openedx:{{ TUTOR_VERSION }}"
 DOCKER_IMAGE_OPENEDX_DEV: "openedx-dev:{{ TUTOR_VERSION }}"
-DOCKER_IMAGE_CADDY: "docker.io/caddy:2.6.2"
+DOCKER_IMAGE_CADDY: "docker.io/caddy:2.6.3"
 DOCKER_IMAGE_ELASTICSEARCH: "docker.io/elasticsearch:7.10.1"
 DOCKER_IMAGE_MONGODB: "docker.io/mongo:4.2.17"
 DOCKER_IMAGE_MYSQL: "docker.io/mysql:5.7.35"