config for caddy version >= 2.5 changed

[inos-github]

after upgrading caddy to version 2.5, notify_push was broken. After some researches I found this bug report and the solution for the problem.

the root cause for the changed configuration is:

caddy v2.5.0 no longer blindly trusts X-Forwarded-For headers from any client.

The release notes under Notable state:

Reverse proxy: Incoming X-Forwarded-* headers will no longer be automatically trusted, to prevent spoofing. Now, trusted_proxies must be configured to specify a list of downstream proxies which are trusted to have sent good values. You only need to configure trusted proxies if Caddy is not the first server being connected to. For example, if you have Cloudflare in front of Caddy, then you should configure this with Cloudflare’s list of IP ranges 1.

to fix it, change your caddy-file to somthing like this:

php_fastcgi unix//run/php-fpm/nextcloud.sock {
    env modHeadersAvailable true
    env front_controller_active true
    env HTTPS on
+   trusted_proxies private_ranges
}

It would make sense to change the README accordingly...

[RedrootDEV]

I have a problem related to this, until Caddy 2.4.6 Nextcloud did not show me proxy errors, from version 2.5.0 it started to happen.
Even adding the full list of cloudflare IP's as "trusted_proxies" the error remains.