From 35c8c2d92d26208642cea0d1549c77a00124e154 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 17 Apr 2025 16:43:06 -0600
Subject: [PATCH] caddytls: Add remote_ip to HTTP cert manager (close #6952)

---
 modules/caddytls/certmanagers.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go
index 56950bc84..7bc4c2c84 100644
--- a/modules/caddytls/certmanagers.go
+++ b/modules/caddytls/certmanagers.go
@@ -5,6 +5,7 @@ import (
 "crypto/tls"
 "fmt"
 "io"
+ "net"
 "net/http"
 "net/url"
 "strings"
@@ -143,6 +144,10 @@ func (hcg HTTPCertGetter) GetCertificate(ctx context.Context, hello *tls.ClientH
 qs.Set("server_name", hello.ServerName)
 qs.Set("signature_schemes", strings.Join(sigs, ","))
 qs.Set("cipher_suites", strings.Join(suites, ","))
+ remoteIP, _, err := net.SplitHostPort(hello.Conn.RemoteAddr().String())
+ if err == nil && remoteIP != "" {
+ qs.Set("remote_ip", remoteIP)
+ }
 parsed.RawQuery = qs.Encode()

 req, err := http.NewRequestWithContext(hcg.ctx, http.MethodGet, parsed.String(), nil)
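Review bot: The added `hello.Conn.RemoteAddr()` call in the second hunk dereferences `hello.Conn` without a nil check, and a `tls.ClientHelloInfo` that was built by hand rather than by a live handshake (a test, or a caller doing a lookup) leaves `Conn` nil, which would panic here. Wrapping the lookup in `if hello.Conn != nil {` keeps the parameter optional, which the existing `err == nil && remoteIP != ""` guard already assumes. The value is the address of the immediate TCP peer, so behind a load balancer or L4 proxy it may be the proxy's address; a comment such as `// remote_ip is the direct peer address as seen by this listener; the cert manager should treat it as a hint, not an authenticated client identity` would make that explicit for whoever writes the receiving endpoint. It is also worth documenting that client IPs now travel in the GET query string and will typically land in the endpoint's access logs. GetCertificate's body starts and ends outside this hunk.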