gitlab behind caddy proxy shows invalid IP in case of failed signin
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
We are running gitlab in docker behind caddy as reverse-proxy. When login failes, gitlab sends a notification about the inncorrect verification code. In this email is the IP Address of docker network and not the ip address of real origin.
Steps to reproduce
- setup caddy as reverse proxy (may not be necessary)
- Setup gitlab in docker with outgoing mail
- Add a gitlab user & mail address with two factor (authenticator)
- Login with this user, but enter invalid authenticator code
Example Project
N/A
What is the current bug behavior?
IP Address of network inside docker is part of notification mail
What is the expected correct behavior?
IP adress of real origin
Relevant logs and/or screenshots
unfortunately only available in german..
GitLab hat den Versuch einer Anmeldung mit einem falschen Bestätigungscode an deinem git.datenzentrale.online-Konto entdeckt.
Hostname git.xxxxxxx.online
IP-Adresse 172.20.0.1
Zeit 2025-09-30 12:40:24 UTC
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) System information System: Proxy: no Current User: git Using RVM: no Ruby Version: 3.2.8 Gem Version: 3.7.1 Bundler Version:2.7.1 Rake Version: 13.0.6 Redis Version: 7.2.10 Sidekiq Version:7.3.9 Go Version: unknown GitLab information Version: 18.4.0-ee Revision: 9255f56b458 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 16.8 URL: https://git.datenzentrale.online HTTP Clone URL: https://git.datenzentrale.online/some-group/some-project.git SSH Clone URL: ssh://git@git.datenzentrale.online:55522/some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 14.45.2 Repository storages: - default: unix:/var/opt/gitlab/gitaly/gitaly.socket GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Gitaly - default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket - default Version: 18.4.0 - default Git Version: 2.50.1 (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)
Possible fixes
Patch release information for backports
If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.
Refer to the internal "Release Information" dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.
High-severity bug remediation
To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.