Logs? #11

Open
Gandulf78 opened this issue Apr 28, 2022 · 8 comments

Comments

@Gandulf78

Hi.
I am testing your module. It seems to work but I do not see any logs in the Caddy logs. Is that normal? Is there a way to see the actions actually performed by the module?
Thank you.
Laurent

@francislavoie

I'm not sure what kinds of logs you're expecting to see.

What's your config? What do you see in your logs?

@Gandulf78
Author

Gandulf78 commented Apr 28, 2022

My realip config is:

```
realip {
	header "X-Forwarded-For"
	from cloudflare
	from 10.0.0.0/8
	maxhops 5
	strict true
}
```

I've modified it for testing with:

```
realip {
	header "X-Forwarded-For"
	#from cloudflare
	from 10.0.0.0/8
	maxhops 5
	strict true
}
```

and I cannot reach my web service from Cloudflare, but I can from my local network, which is fine.
When I look at my Caddy logs, I have no trace that a connection has been rejected. It would be interesting to check that there are no attack attempts. Does it make sense?

Here are my logs:

```
{"level":"info","ts":1651171517.293661,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["myserver.fr","acme.roadrunner"]}
{"level":"info","ts":1651171517.3564906,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"warn","ts":1651171517.6778858,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [acme.roadrunner]: no OCSP server specified in certificate","identifiers":["acme.roadrunner"]}
{"level":"info","ts":1651171517.7051857,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1651171517.7059333,"msg":"serving initial configuration"}
{"level":"info","ts":1651171517.7805393,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":1651171521.458605,"logger":"dynamic_dns.ip_sources.simple_http","msg":"IPv6 lookup failed","endpoint":"https://api64.ipify.org","error":"Get \"https://api64.ipify.org\": dial tcp6: lookup api64.ipify.org on 127.0.0.11:53: no such host"}
```

@francislavoie

francislavoie commented Apr 28, 2022

Is that your entire config?

I don't think you've actually enabled access logging.

You need to use https://caddyserver.com/docs/caddyfile/directives/log

Also, turn on the debug global option to get the most detailed logs.

@Gandulf78
Author

Gandulf78 commented Apr 28, 2022

Alright I see them with debug.
It seems to me it should be more than debug logs though since there could be real attacks.
May I suggest considering an option to log in regular logs?

@francislavoie

What logs? I'm not clear on what you're talking about. Please be specific.

@Gandulf78
Author

Gandulf78 commented Apr 28, 2022

Sorry. I would like to get a record of the access attempts refused by the realip module with "strict" (IP not matching the conditions).
Just a record in the regular log (access log?) would be good enough.

@francislavoie

francislavoie commented Apr 28, 2022

Ah okay. Yeah, right now it just triggers a 403 error (which you can handle with handle_errors if you want).

```go
return caddyhttp.Error(http.StatusForbidden, err)
```

But like I said, enable the log inside your site, you'll see these at ERROR level.

@Gandulf78
Author

Ok thanks for your guidance. So log ERROR should do the trick.
Thanks.
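
The thread's conclusion is that strict-mode rejections appear in the site's access log as 403 responses; a small filter over the JSON log turns that into a per-peer tally. This is an added example, not code from the issue or the module: the sample lines are constructed, and the field names (`remote_ip`, the older `remote_addr`, `status`, the `http.log.access` logger prefix) are assumptions about Caddy's JSON access-log format.

```python
import json
from collections import Counter

# Constructed sample lines (not from the issue), shaped like Caddy JSON logs.
SAMPLE_LOG = """\
{"level":"info","ts":1651171517.7,"msg":"serving initial configuration"}
{"level":"info","ts":1651171600.1,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"10.0.0.5","remote_port":"51234","method":"GET","host":"myserver.fr","uri":"/","headers":{"X-Forwarded-For":["10.0.0.5"]}},"status":200}
{"level":"error","ts":1651171601.2,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"203.0.113.7","remote_port":"40112","method":"GET","host":"myserver.fr","uri":"/admin","headers":{"X-Forwarded-For":["198.51.100.9"]}},"status":403}
{"level":"error","ts":1651171602.3,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"203.0.113.7:40113","method":"GET","host":"myserver.fr","uri":"/login","headers":{}},"status":403}
{"level":"error","ts":1651171603.4,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.0.2.44","remote_port":"39000","method":"POST","host":"myserver.fr","uri":"/","headers":{"X-Forwarded-For":["10.0.0.1"]}},"status":403}
not a json line
"""

def refused_requests(lines, status=403):
    """Yield (peer_ip, x_forwarded_for, uri) for access-log entries with `status`."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank lines or non-JSON output mixed into the file
        if not isinstance(entry, dict):
            continue
        # Assumption: access entries use the logger "http.log.access[.<name>]".
        if not str(entry.get("logger", "")).startswith("http.log.access"):
            continue
        if entry.get("status") != status:
            continue
        req = entry.get("request") or {}
        # Assumption: newer logs carry remote_ip, older ones "ip:port" in remote_addr.
        peer = req.get("remote_ip") or req.get("remote_addr", "").rsplit(":", 1)[0].strip("[]")
        # The header value is what the client claimed; the peer is who connected.
        xff = ", ".join((req.get("headers") or {}).get("X-Forwarded-For", []))
        yield peer, xff, req.get("uri", "")

def count_by_peer(lines, status=403):
    """Tally refused requests per connecting peer address."""
    return Counter(peer for peer, _, _ in refused_requests(lines, status))

if __name__ == "__main__":
    for peer, hits in count_by_peer(SAMPLE_LOG.splitlines()).most_common():
        print(f"{hits:4d}  {peer}")
```

Keeping the connecting peer and the `X-Forwarded-For` value side by side makes it visible when a request arrived from outside the trusted ranges while claiming an internal address in the header.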
